[Vulnerability Recurrence] There is a recurrence of arbitrary file reading vulnerability in Panwei e-office OfficeServer2.php - Code World

[Vulnerability Recurrence] There is a recurrence of arbitrary file reading vulnerability in Panwei e-office OfficeServer2.php

Mobile 2023-10-07 04:07:20 views: null

Article directory

Preface
statement
1. Vulnerability description
2. Vulnerability analysis
3. Recurrence of vulnerabilities
4. Repair suggestions

Preface

Panwei e-office OfficeServer2.php has an arbitrary file reading vulnerability. An attacker can obtain sensitive data information by constructing a specific payload.

statement

Please do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article are the responsibility of the user himself. All adverse consequences and The author of the article is irrelevant. This article is for educational purposes only.

1. Vulnerability description

Panwei e-office OfficeServer2.php has an arbitrary file reading vulnerability. Attackers can obtain sensitive information through this vulnerability to prepare for the next attack.

2. Vulnerability analysis

Open iWeboffice/OfficeServer2.php, the code is as follows:

//取得操作命令信息
$mOption=$OPTION;

Guess you like

Origin blog.csdn.net/weixin_46944519/article/details/132831258

[Vulnerability Recurrence] There is a recurrence of arbitrary file reading vulnerability in Panwei e-office OfficeServer2.php

Vulnerability recurrence-milesight vpn arbitrary file reading vulnerability (with vulnerability detection script)

Vulnerability Recurrence-Yisaitong arbitrary file reading vulnerability (with vulnerability detection script)

Vulnerability recurrence - there is an arbitrary file reading vulnerability in the iDocview doc/upload interface (vulnerability detection script attached)

Vulnerability recurrence - arbitrary file reading exists in a certain interface of a friend's CRM system (with vulnerability detection script attached)

[Vulnerability Recurrence] Smanga Unauthorized Remote Code Execution Vulnerability (CVE-2023-36076) Additional SQL Injection + Arbitrary File Reading

CVE-2018-2894 weblogic arbitrary file upload vulnerability recurrence

UFIDA KSOA ImageUpload Arbitrary File Upload Vulnerability Recurrence + Exploitation

Hongjing eHR arbitrary file upload vulnerability recurrence (0day)

Vulnerability recurrence - UFIDA NC arbitrary file upload vulnerability (with vulnerability detection script)

[vulhub vulnerability recurrence] Thinkphp 2.x arbitrary code execution

Analysis of arbitrary file reading vulnerability in a micro e-office collaborative management system CNVD-2022-07603

[Vulnerability Recurrence] WordPress plugin wp-file-manager arbitrary file upload vulnerability (CVE-2020-25213)

[vulhub vulnerability recurrence] CVE-2016-3088 ActiveMQ arbitrary file writing vulnerability

[vulhub vulnerability recurrence] CVE-2018-2894 Weblogic arbitrary file upload vulnerability

Hikvision iVMS integrated security system arbitrary file upload vulnerability recurrence (0day)

Kingdee Cloud Xingkong arbitrary file read vulnerability recurrence (0day)

Apache Axis2 background file upload getshell vulnerability recurrence

Arbitrary file reading and vulnerability reproduction

[vulhub vulnerability recurrence] Thinkphp 5.0.23 arbitrary code execution

Apache Flink vulnerability recurrence

Weblogic ssrf vulnerability recurrence

Fastjson deserialization vulnerability recurrence

Vulnerability recurrence - Zhejiang University Ent customer resource management system CustomerAction.entphone; .js interface arbitrary file upload vulnerability (with vulnerability detection script)

[Vulnerability recurrence] Tongda OA v11.7 online arbitrary user login vulnerability

There is an arbitrary file reading vulnerability in zeroshell firewall

There is an arbitrary file reading vulnerability in Lanling OA

Arbitrary file reading vulnerability in a billing management system

The principle and recurrence of IIS PUT vulnerability

Recurrence of vulnerability in WordPress version 4.6

Recommended

Linus is the most active in "eating dog food"!

Ranking

Share good programmer web front-end array and sorting, de-duplication and random roll call

Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe

魔众帮助中心系统 v3.1.0 首页切换器，界面优化

Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)

How to suppress the "requires transitive directive for an automatic module" warning properly?

LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)

Summer 2019 Summer soft essay 7 workers

Python中Assert断言的使用语法和例子

LeetCode one question per day (2021-2-3 sliding window median)

Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up

Daily

More

2024-05-20(5)

2024-05-19(0)

2024-05-18(31)

2024-05-17(6)

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)