CVE-2022-27228 PoC — Bitrix Site Manager 输入验证错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-27228.yaml

Associated Vulnerability

Title:Bitrix Site Manager 输入验证错误漏洞 (CVE-2022-27228)
Description:Bitrix Site Manager是美国Bitrix公司的一个网站管理系统。 Bitrix Site Manager 21.0.100 版本之前存在安全漏洞。未经身份验证的攻击者可以远程执行任意代码。

Description

In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.

File Snapshot


 id: CVE-2022-27228

info:
  name: Bitrix Site Manager - Remote Code Execution
  author: theamanrawat

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!