Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-9833 PoC — Boa 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-9833.yaml
Associated Vulnerability
Title:Boa 路径遍历漏洞 (CVE-2017-9833)
Description:Boa是Boa开源的一种适用于嵌入式应用程序的开放源代码。 Boa中存在路径遍历漏洞,该漏洞源于/cgi-bin/wapopen 的 FILECAMERA 变量能够注入路径以读取根目录。
Description
BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials.
File Snapshot

 id: CVE-2017-9833

info:
  name: BOA Web Server 0.94.14 - Arbitrary File Access
  author: 0x_Akoko
 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.