漏洞描述
畅捷通T+ 是一款智慧、灵动、时尚的基于互联网时代的企业管理软件。畅捷通T+ DownloadProxy.aspx 存在任意文件读取漏洞,攻击者可读取web.config等敏感信息进一步控控制服务器权限。
畅捷通T+ DownloadProxy.aspx 文件 Path 参数文件读取漏洞
PoC代码
暂无相关漏洞推荐
- chanjet-tplus-checkpassword-sqli: 用友 畅捷通T+ CheckPassword SQL注入漏洞
- POC CVE-2022-0864: UpdraftPlus < 1.22.9 - Cross-Site Scripting
- POC changjietong-tplus-keyedit-sqli: 畅捷通TPlus-keyEdit.aspx-SQL注入漏洞
- POC chanjet-tplus-checkmutex-sqli: Chanjet Tplus CheckMutex SQL Injection
- POC chanjet-tplus-rce: 畅捷通 T+ 远程命令执行
- POC yonyou-chanjet-tplus-read-file: 用友 畅捷通T+ DownloadProxy.aspx 任意文件读取漏洞
- POC CNVD-2023-48562: Chanjet TPlus GetStoreWarehouseByStore - Remote Command Execution
- POC chanjet-tplus-unauth-passreset: Chanjet Tplus - Unauthorized Password Reset
- POC chanjet-tplus-checkmutex-sqli: Chanjet Tplus CheckMutex - SQL Injection
- POC chanjet-tplus-file-read: Chanjet TPlus DownloadProxy.aspx - Arbitrary File Read
- POC chanjet-tplus-fileupload: UFIDA Chanjet TPluse Upload.aspx - Arbitrary File Upload
- POC chanjet-tplus-ufida-sqli: Chanjet TPluse Ufida.T.SM.Login.UIP - SQL injection
- 畅捷通TPLUS AccountClearControler SQL注入漏洞