# N/A
## 漏洞概述
ffay lanproxy 0.1 版本存在目录穿越漏洞,攻击者可利用此漏洞读取 `/../conf/config.properties` 文件,从而获取连接内网的凭证信息。
## 影响版本
- ffay lanproxy 0.1
## 漏洞细节
攻击者可以通过目录穿越漏洞访问 `/../conf/config.properties` 文件,该文件中包含了用于连接内网的凭证信息。
## 影响
该漏洞可能导致攻击者获取用于连接内网的敏感信息,从而威胁系统的安全性。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | lanproxy 目录遍历漏洞批量检测 (CVE-2021-3019) | https://github.com/B1anda0/CVE-2021-3019 | POC详情 |
| 2 | CVE-2021-3019 lanproxy目录遍历任意文件读取漏洞探测POC | https://github.com/0xf4n9x/CVE-2021-3019 | POC详情 |
| 3 | lanproxy 目录遍历漏洞批量检测用户名密码POC (CVE-2021-3019) | https://github.com/Maksim-venus/CVE-2021-3019 | POC详情 |
| 4 | [CVE-2021-3019] LanProxy Directory Traversal | https://github.com/murataydemir/CVE-2021-3019 | POC详情 |
| 5 | lanproxy(CVE-2021-3019)目录遍历 | https://github.com/Aoyuh/cve-2021-3019 | POC详情 |
| 6 | None | https://github.com/givemefivw/CVE-2021-3019 | POC详情 |
| 7 | None | https://github.com/qiezi-maozi/CVE-2021-3019-Lanproxy | POC详情 |
| 8 | CVE-2021-3019 | https://github.com/a1665454764/CVE-2021-3019 | POC详情 |
| 9 | ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-3019.yaml | POC详情 |
| 10 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Lanproxy%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E%20CVE-2021-3019.md | POC详情 |
| 11 | None | https://github.com/chaitin/xray-plugins/blob/main/poc/manual/lanproxy-cve-2021-3019-lfi.yml | POC详情 |