Preface
Panwei e-office's OfficeServer2.php has an arbitrary file read vulnerability. An attacker can obtain sensitive data by constructing a specific payload.
Statement
Please do not use the techniques in this article for illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article are the sole responsibility of the user; the author of this article bears no responsibility for any adverse consequences. This article is for educational purposes only.
1. Vulnerability description
Panwei e-office's OfficeServer2.php has an arbitrary file read vulnerability. Attackers can use it to obtain sensitive information in preparation for a subsequent attack.
2. Vulnerability analysis
Open iWeboffice/OfficeServer2.php; the code is as follows:
// Get the operation command information
$mOption=$OPTION;