CVE-2021-30497 PoC — Ivanti Avalanche Path Traversal Vulnerability

Associated Vulnerability
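Title: Ivanti Avalanche Path Traversal Vulnerability (CVE-2021-30497)
Description: Ivanti Avalanche is an enterprise mobile device management system from the US company Ivanti. The system is mainly used to manage devices such as smartphones, tablets and barcode scanners. Ivanti Avalanche 6.3.2 contains a security vulnerability that stems from the imageFilePath parameter handled by the /AvalancheWeb/image endpoint not being validated as falling within the image folder. A remote unauthenticated user can exploit the vulnerability with an absolute path to traverse and read arbitrary files.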
Description
Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows a remote unauthenticated user to access files that reside outside the 'image' folder.
File Snapshot

id: CVE-2021-30497 info: name: Ivanti Avalanche 6.3.2 - Local File Inclusion author: gy741 se ...