CVE-2021-3019 PoC — Ffay Lanproxy 路径遍历漏洞

Source

https://github.com/Maksim-venus/CVE-2021-3019

Associated Vulnerability

Title:Ffay Lanproxy 路径遍历漏洞 (CVE-2021-3019)
Description:Ffay Lanproxy是Ffay个人开发者的一个可将局域网内服务代理到公网的内网穿透工具。 ffay lanproxy 0.1 存在路径遍历漏洞，该漏洞允许目录遍历读取/../conf/config.properties来获取到内部网连接的凭据。

Description

lanproxy 目录遍历漏洞批量检测用户名密码POC (CVE-2021-3019)

Readme

## 使用方法&免责声明

 lanproxy 目录遍历漏洞批量检测 (CVE-2021-3019)

![payload](./CVE-2021-3019.png)


使用方法：`Python CVE-2021-3019.py url.txt`

url.txt 中每个url为一行，漏洞地址输出在CVE-2021-3019.csv中

##### 影响版本

lanproxy 0.1



工具仅用于安全人员安全测试，任何未授权检测造成的直接或者间接的后果及损失，均由使用者本人负责

File Snapshot


 [4.0K]  /data/pocs/56d9125307b917f3ef56afedde9fa830947ddb9c
├── [ 71K]  CVE-2021-3019.png
├── [2.7K]  CVE-2021-3019.py
└── [ 422]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!