WebNMS Framework 5.2SP1 File Upload

WebNMS 是一个业界领先的用于构建网络管理应用的架构。上传功能存在目录遍历及远程代码执行漏洞。 漏洞细节 FileUploadServlet允许未登录上传JSP文件。提交如下 POST 请求： POST /servlets/FileUploadServlet?fileName=../jsp/Login.jsp HTTP/1.1 下载官方Windows试用版软件测试通过： http://www.webnms.com/webnms/14107380/WebNMSFramework5STDWindows.exe 其它信息 漏洞发现者：Pedro Ribeiro...

WebNMS Framework 5.2SP1 Text File Download

Summary WebNMS is an industry-leading used to build network management applications architecture. The File Download feature does not require login you can download any text, non-binary file. Vulnerability details FetchFile to allow not logged in download the file, but only the text content of the...