CVE-2025-53833 false positive #190

@ViCrack

The WeChat reference link in this PoC seems to be wrong.

Also, the {{}} in the PoC is parsed early by the expression syntax.

It should be sending:

GET /docs/1.0/?{{9999*9999}} HTTP/1.1
Host: xxxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

What actually gets sent is:

GET /docs/1.0/?99980001 HTTP/1.1
Host: xxxx
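
An added example (not part of the original issue, and not the scanner's own code): a toy model of the pre-send expression pass, used to lint a PoC request for the two problems reported above. The arithmetic-only engine and the names `render` and `check_poc` are assumptions for illustration.

```python
import re

# Hypothetical stand-in for a scanner's template engine: it evaluates
# integer arithmetic found inside {{ }} before the request is sent.
_EXPR = re.compile(r"\{\{\s*(\d+)\s*([*+-])\s*(\d+)\s*\}\}")
_OPS = {
    "*": lambda a, b: a * b,
    "+": lambda a, b: a + b,
    "-": lambda a, b: a - b,
}


def render(template: str) -> str:
    """Mimic the pre-send expression pass described in the issue."""
    def _eval(m: re.Match) -> str:
        return str(_OPS[m.group(2)](int(m.group(1)), int(m.group(3))))
    return _EXPR.sub(_eval, template)


def check_poc(raw_request: str, probe: str, expected: str, renderer=render) -> list[str]:
    """Return the problems a PoC review should flag for an expression probe.

    probe    -- literal text the target is supposed to receive
    expected -- value the matcher looks for in the response
    renderer -- the engine pass applied before sending (assumed model)
    """
    problems = []
    sent = renderer(raw_request)
    if probe not in sent:
        # The target never sees the expression, so nothing is being tested.
        problems.append("probe rewritten before sending")
    if expected in sent:
        # Any target that echoes the URL back will satisfy the matcher.
        problems.append("expected value already in request")
    return problems


# Constructed sample: the request from the issue, with its placeholder host.
POC = "GET /docs/1.0/?{{9999*9999}} HTTP/1.1\r\nHost: xxxx\r\n\r\n"

if __name__ == "__main__":
    print(render(POC).splitlines()[0])
    print(check_poc(POC, "{{9999*9999}}", "99980001"))
```

Passing `renderer=str` models an engine that leaves the probe untouched, in which case the lint reports nothing.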
