POC详情: 8499c04afda74a07aa2142733a75e6b6aa559cd5

来源
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-15715.yaml
关联漏洞
标题: Apache httpd 输入验证错误漏洞 (CVE-2017-15715)
描述:Apache httpd是美国阿帕奇(Apache)软件基金会的一款专为现代操作系统开发和维护的开源HTTP服务器。 Apache httpd 2.4.0版本至2.4.29版本中存在安全漏洞。攻击者可通过向目标系统发送特制的文件利用该漏洞绕过安全限制。
描述
Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in <FilesMatch>, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
文件快照

 id: CVE-2017-15715

info:
  name: Apache httpd <=2.4.29 - Arbitrary File Upload
  author: geeknik
  

...
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。