CVE-2021-3019 [Reproduction of Lanproxy arbitrary file read vulnerability]

Introduction

Lanproxy is an intranet penetration tool that proxies personal computers and servers on a LAN to the public network. It currently supports only TCP traffic forwarding, and works with any protocol layered on top of TCP (access to intranet websites, local payment interface debugging, SSH access, remote desktop...). Similar services on the market include Peanut Shell, TeamViewer, and GoToMyCloud, but they depend on a third-party public network server, so you must pay the third party, and these services come with various restrictions. In addition, because the data packets flow through a third party, they are also a major hidden danger to data security.

Affected version

lanproxy 0.1

Vulnerability overview

This Lanproxy path traversal vulnerability (CVE-2021-3019) allows arbitrary files to be read through a ../ bypass.

The directory traversal can be used to read /.../conf/config.properties and obtain the credentials for the intranet connection.

Environment setup

Download the lanproxy installation package:
https://file.nioee.com/d/2e81550ebdbd416c933f/

After the download is complete, unzip it to the /usr/local/ directory.
Execute the commands in turn, then access the server at its IP address on port 8090.

Vulnerability reproduction

Use Burp Suite to capture the request and trigger the vulnerability through the URL.
Configuration file: /../conf/config.properties

View /etc/passwd:
/../../../../etc/passwd
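To check whether requests like the two above have already reached a server, the access log can be searched for paths that climb above the web root. The script below is an added example, not part of the original post or of Lanproxy itself; it assumes a reverse proxy in front of the web console writes combined-format access logs, uses constructed sample lines, and goes slightly beyond the post by also decoding percent-encoded paths.

```python
import re
from urllib.parse import unquote, urlsplit

# Request target and status code of a combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so encoded and double-encoded dots are seen."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def escapes_root(target):
    """True if the decoded request path climbs above the web root."""
    depth = 0
    for segment in decode_fully(urlsplit(target).path).split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False

def find_traversal(lines):
    """Return (target, status) for every request that leaves the web root."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and escapes_root(m.group(1)):
            hits.append((m.group(1), int(m.group(2))))
    return hits

# Constructed sample log lines (documentation IP range, not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.77 - - [10/Mar/2021:10:02:13 +0000] "GET /../conf/config.properties HTTP/1.1" 200 431',
    '192.0.2.77 - - [10/Mar/2021:10:02:20 +0000] "GET /../../../../etc/passwd HTTP/1.1" 200 1823',
    '192.0.2.77 - - [10/Mar/2021:10:02:31 +0000] "GET /%2e%2e/conf/config.properties HTTP/1.1" 404 0',
    '192.0.2.10 - - [10/Mar/2021:10:03:02 +0000] "GET /css/../index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for target, status in find_traversal(SAMPLE_LOG):
        print(status, target)
```

A hit with status 200 means the file was most likely served, so any credentials in config.properties should be treated as exposed and rotated.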

Origin blog.csdn.net/qq_45742511/article/details/115008836