Jinhe Oa C6 Editmain Aspx Background File Writing Vulnerability
Jinhe Oa C6 Editmain Aspx Background File Writing Vulnerability
Jinhe OA C6 EditMain.aspx background file writing vulnerability
Vulnerability Description
Jinhe OA C6 EditMain.aspx has an arbitrary file writing vulnerability, through which malicious files can be written to obtain server permissions
Vulnerability Impact
Kin and OA C6
Network surveying and mapping
Vulnerability reappears
Vulnerability triggering requires background permissions
Access vulnerability point /C6/JHSoft.Web.Portal/EditMain.aspx?id=cmdshell.aspx
Write webshell code to save
Visit again /C6/JHSoft.Web.Portal/Default/cmdshell.aspx
This post is licensed under CC BY 4.0 by the author.