漏洞描述
AnyProxy是一个基于NodeJS的,可供插件配置的HTTP/HTTPS代理服务器。
AnyProxy存在目录穿越漏洞,攻击者可通过此漏洞读取到敏感文件信息。
Alibaba anyproxy 目录穿越导致任意文件读取
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-44139: Alibaba Sentinel - Server-side request forgery (SSRF)
- POC CVE-2021-44139: Alibaba Sentinel - Server-side request forgery (SSRF)
- POC alibaba-canal-default-password: Alibaba Canal Default Password
- POC nacos-user-list-unauthorized: Alibaba Nacos V1 Auth Bypass
- POC alibaba-anyproxy-fetchbody-anyfile-read: Alibaba AnyProxy fetchBody 任意文件读取漏洞
- POC alibaba-canal-config-leak: Alibaba Canal config 云密钥信息泄露漏洞
- POC alibaba-sentinel-default-user: Alibaba Sentinel 默认用户
- POC nacos-secret-default-key-unauth: Alibaba Nacos secret.key默认密钥 未授权访问漏洞
- POC nacos-severidentity-bypass: Alibaba Nacos ServerIdentity 权限绕过
- POC alibaba-ug-csp-bypass: Content-Security-Policy Bypass - Alibaba UG
- POC canal-default-login: Alibaba Canal Default Login
- POC druid-default-login: Alibaba Druid Monitor Default Login
- POC nacos-default-login: Alibaba Nacos - Default Login