华测监测预警系统 任意文件读取漏洞
I have developed a tool for local testing and POC development, which is for technical learning reference only. Please do not use it for illegal purposes. Any direct or indirect consequences and losses caused by individuals or organizations using the information provided in this article are the responsibility of the user themselves and have nothing to do with the author!!!
The Huace Monitoring and Early Warning System is a scientifically sound geological disaster monitoring and early warning platform that achieves scientific, information-based, standardized, and visualized management of geological disaster prevention and control.
pip install -r requirements.txt
python 华测监测预警系统任意文件读取漏洞.py -h
usage: 华测监测预警系统任意文件读取漏洞.py [-h] (-u URL | -f FILE) [--random-agent RANDOM_AGENT] [-d DELAY] [-t THREAD]
[--proxy PROXY] [--path PATH] [--save-path SAVE_PATH]
Huace Monitoring and Warning System Arbitrary File Reading Vulnerability
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Enter target object
-f FILE, --file FILE Input target object file
--random-agent RANDOM_AGENT
Using random user agents
-d DELAY, --delay DELAY
Set multi threaded access latency (setting range from 0 to 5)
-t THREAD, --thread THREAD
Set the number of program threads (setting range from 1 to 50)
--proxy PROXY Set up the proxy
--path PATH Enter the file you want to read
--save-path SAVE_PATH
Enter the save path of file you want to read