通达OA任意文件下载漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: 通达OA任意版本任意文件下载漏洞,可以下载电脑上任意文件。 官网最新版作演示: ### 详细说明: 正常下载图片: http://**.**.**.**/general/picture/batch_down.php?TmpFileNameStr=DSCN0292.jpg|@~@&SUB_DIR=&PIC_PATH=d:/myoa/%D4%B1%B9%A4%BB%EE%B6%AF [<img src="https://images.seebug.org/upload/201512/02125631b3e4c6c0e5c8ef422253ef68699b9035.png" alt="oa1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/02125631b3e4c6c0e5c8ef422253ef68699b9035.png) [<img src="https://images.seebug.org/upload/201512/02125702cbf0b26b31d005ca586aabec6ccb9621.png" alt="oa2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/02125702cbf0b26b31d005ca586aabec6ccb9621.png) [<img src="https://images.seebug.org/upload/201512/02125712a9766111f1e49bbda8d72fdc26bf3f7c.png" alt="oa3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/02125712a9766111f1e49bbda8d72fdc26bf3f7c.png) 修改路径下载文件: 下载index.php:...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息