Title: TRSWCM File Read vulnerability Source: Ma Jun sblog risk level: High Impact version: Full Version Vulnerability Description: a file in trswcm. filename has not been filtered. attackers can directly write arbitrary files. c: boot. ini or .... passwd and other combinations can download sensitive files. 0 ---------------------------------------
Title: trs wcm File Read Vulnerability
Source: Ma jun's blog
Risk Level: high
Affected Version: Full Version
Vulnerability description:
TrSWcM file.FileName is not filtered. Any file can be written directly. Use a file similar to c:/boot. ini or ../../PasswdAnd other combinations to download sensitive files.
0--------------------------------------------------------------0
Ma Jun:
Let's see how you apply this problem. Basically, I used this Arbitrary File Download to determine the path. Before the file with the brute-force Path Vulnerability is found