Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@SurfRid3r
SurfRid3r committed Nov 10, 2022
1 parent 642684a commit 1f4fc39
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion node/CVE-2020-7699/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## 漏洞原理

`express-fileupload`是用来处理上传文件的中间件,在`1.1.7-alpha.4`及以前的版本存在原型链污染漏洞,利用该漏洞可以造成远程代码执行
`express-fileupload`是用来处理上传文件的中间件,在`1.1.7-alpha.4`及以前的版本存在原型链污染漏洞。如果站点还使用`ejs`模板引擎(`<=3.1.6`),可以通过构造调用链污染`outputFunctionName`参数从而造成远程代码执行

参考链接:

Expand Down

0 comments on commit 1f4fc39

Please sign in to comment.