If You Follow The Management System Read Any File In The Background Cnvd 2021 01931
If You Follow The Management System Read Any File In The Background Cnvd 2021 01931
Read any file in the background according to the management system CNVD-2021-01931
Vulnerability Description
If the management system is based on SpringBoot’s permission management system, you can read any file on the server after logging in to the background.
Vulnerability Impact
RuoYi < v4.5.1
Network surveying and mapping
Vulnerability reappears
Log in to the background to access Url
1
/common/download/resource?resource=/profile/../../../../etc/passwd
The file will be downloaded after accessing /etc/passwd
You can use Burp to grab packets to change /etc/passwd to obtain sensitive information for other file paths
Added filtering in new version fix
This post is licensed under CC BY 4.0 by the author.