Open gaogaostone opened 1 year ago
1) When I study the source code of KnowAgent, the file-content route in NormalLogCollectTaskController.java gets my attention. It seems to be a file read function. 2)Then I access the route via http request. It is a vulnerability which leads to an arbitrary file reading. The request URL is http://116.85.4.122:9010/api/v1/normal/collect-task/file-content?hostName=127.0.0.1&path=/etc/passwd
谢谢宝贵的建议,这的确是个漏洞,我们将修复.
1) When I study the source code of KnowAgent, the file-content route in NormalLogCollectTaskController.java gets my attention. It seems to be a file read function. 2)Then I access the route via http request. It is a vulnerability which leads to an arbitrary file reading. The request URL is http://116.85.4.122:9010/api/v1/normal/collect-task/file-content?hostName=127.0.0.1&path=/etc/passwd