漏洞描述
D-Security终端文件保护系统是一款专注于企业文件管理效率与安全的解决方案。该系统对文件进行全文加密,降低了被破解的风险,并被政府和国安局等情报单位认定为安全文件加密产品。系统的 /DLP/public/admintool/system_setting/sys_ds_logfile_displaylog.jsp 接口存在文件读取漏洞,攻击者可以通过构造恶意请求读取系统中的任意文件(如数据库配置文件、系统配置文件等),可能导致敏感信息泄露,进一步危害系统安全。
D-Security终端文件保护系统 /DLP/public/admintool/system_setting/sys_ds_logfile_displaylog.jsp 文件读取漏洞
PoC代码
暂无相关漏洞推荐
- Exrick Xboot Swagger SecurityController.java服务器端请求伪造(CVE-2025-8527)
- POC CVE-2019-14287: Sudo <= 1.8.27 - Security Bypass
- POC CVE-2014-6308: Osclass Security Advisory 3.4.1 - Local File Inclusion
- POC CVE-2016-4977: Spring Security OAuth2 Remote Command Execution
- POC CVE-2017-7925: Dahua Security - Configuration File Disclosure
- POC CVE-2018-8719: WordPress WP Security Audit Log 3.1.1 - Information Disclosure
- POC CVE-2019-1003000: Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
- POC CVE-2020-3187: Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
- POC CVE-2020-3452: Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
- POC CVE-2021-32618: Python Flask-Security - Open Redirect
- POC CVE-2021-39327: WordPress BulletProof Security 5.1 Information Disclosure
- POC CVE-2021-46387: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
- POC CVE-2022-0429: WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Cross-Site Scripting