update README

Signed-off-by: jiexixijie <[email protected]>
vulhub · Nov 20, 2022 · 502870c · 502870c
1 parent 7034400
commit 502870c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/node/CVE-2020-7699/README.md b/node/CVE-2020-7699/README.md
@@ -2,7 +2,7 @@
 
 ## Vulnerability principle
 
-`express-fileupload` is a express middleware for uploading files. In the version prior `1.1.7-alpha.4`, it has a protype pollution vulnerability which we can find a use chain in `ejs(<=3.1.6)` to cause remote code execution.
+`express-fileupload` is a express middleware for uploading files. In the version prior `1.1.7-alpha.4`, it has a protype pollution vulnerability. And if also the website use `ejs(<=3.1.6)` which is a template engine, the `outputFunctionName` parameter can be polluted by constructing a call chain, thereby causing remote code execution.
 
 References：
 

diff --git a/node/CVE-2020-7699/README.zh-cn.md b/node/CVE-2020-7699/README.zh-cn.md
@@ -2,7 +2,9 @@
 
 ## 漏洞原理
 
-`express-fileupload`是用来处理上传文件的中间件，在`1.1.7-alpha.4`及以前的版本存在原型链污染漏洞，利用该漏洞我们可以在`ejs(<=3.1.6)`中找到利用链从而造成远程代码执行。
+`express-fileupload`是用来处理上传文件的中间件，在`1.1.7-alpha.4`及以前的版本存在原型链污染漏洞，如果站点还使用`ejs模板引擎(<=3.1.6)`，可以通过构造调用链污染`outputFunctionName`参数从而造成远程代码执行。
+
+参考链接：
 
 参考链接：