Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-8982 PoC — WaveMaker Studio 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-8982.yaml
Associated Vulnerability
Title:WaveMaker Studio 代码问题漏洞 (CVE-2019-8982)
Description:Wavemaker Studio是美国Wavemaker公司的一套基于浏览器开发环境的用于数据驱动的Web应用程序。 WaveMaker Studio 6.6版本中的com/wavemaker/studio/StudioService.java文件存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
Description
WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery.
File Snapshot

 id: CVE-2019-8982

info:
  name: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request For

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.