VULHUB ™

### 简要描述： 配置错误导致遍历漏洞，监控log文件报告，可以找到关键sql语句 内部敏感数据遍历下载，服务器集群ip泄露，财务收入报表随意下载，危险程度自知！ ### 详细说明： ``` http://kdeas.kingdee.com//easWebClient/ http://kdeas.kingdee.com/nap/ http://kdeas.kingdee.com//client/ http://global.kingdee.com/en/products/kis/ http://login.mykingdee.com/login?service=http%3A%2F%2Fkdeas.kingdee.com%3A7888%2Feasportal%2F %3Bjsessionid%3DwKjIVx7QUW4U0KJcrnuDNk71l-2rDge04rYA http://web20.kingdee.com/down http://kdeas.kingdee.com/easfiles/easdoc/files/ ``` http://www.kingdee.com/sitemap.xml 网站地图 配置错误导致遍历漏洞，监控log文件报告，可以找到关键sql语句 配置文件信息外露，代码泄露！ ### 漏洞证明： [<img src="https://images.seebug.org/upload/201304/17105138dada7b9d56cd85ef3c4865341a2ebce6.jpg" alt="5.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/17105138dada7b9d56cd85ef3c4865341a2ebce6.jpg) [<img src="https://images.seebug.org/upload/201304/1710512782addc1ffba2f13bd971072278032491.jpg" alt="4.jpg" width="600"...

### 简要描述： 配置错误导致遍历漏洞，监控log文件报告，可以找到关键sql语句 内部敏感数据遍历下载，服务器集群ip泄露，财务收入报表随意下载，危险程度自知！ ### 详细说明： ``` http://kdeas.kingdee.com//easWebClient/ http://kdeas.kingdee.com/nap/ http://kdeas.kingdee.com//client/ http://global.kingdee.com/en/products/kis/ http://login.mykingdee.com/login?service=http%3A%2F%2Fkdeas.kingdee.com%3A7888%2Feasportal%2F %3Bjsessionid%3DwKjIVx7QUW4U0KJcrnuDNk71l-2rDge04rYA http://web20.kingdee.com/down http://kdeas.kingdee.com/easfiles/easdoc/files/ ``` http://www.kingdee.com/sitemap.xml 网站地图 配置错误导致遍历漏洞，监控log文件报告，可以找到关键sql语句 配置文件信息外露，代码泄露！ ### 漏洞证明： [<img src="https://images.seebug.org/upload/201304/17105138dada7b9d56cd85ef3c4865341a2ebce6.jpg" alt="5.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/17105138dada7b9d56cd85ef3c4865341a2ebce6.jpg) [<img src="https://images.seebug.org/upload/201304/1710512782addc1ffba2f13bd971072278032491.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/1710512782addc1ffba2f13bd971072278032491.jpg) [<img src="https://images.seebug.org/upload/201304/17105111d87b72a0e54e93ebd22f9158b5d9811c.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/17105111d87b72a0e54e93ebd22f9158b5d9811c.jpg) [<img src="https://images.seebug.org/upload/201304/1710505722e2e43223073b330370a2b4da9161b3.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/1710505722e2e43223073b330370a2b4da9161b3.jpg) [<img src="https://images.seebug.org/upload/201304/17105030eb334c84079c91e13569e2f477e68ae1.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/17105030eb334c84079c91e13569e2f477e68ae1.jpg) [<img src="https://images.seebug.org/upload/201304/17112905479873e6df1854e61eb392dfca36adc3.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/17112905479873e6df1854e61eb392dfca36adc3.jpg) [<img src="https://images.seebug.org/upload/201304/17112847981b5ad8619c9f0908ae1282b123f234.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/17112847981b5ad8619c9f0908ae1282b123f234.jpg) [<img src="https://images.seebug.org/upload/201304/17112745fc78feffc09fcea848d12eda20d354d6.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/17112745fc78feffc09fcea848d12eda20d354d6.jpg) [<img src="https://images.seebug.org/upload/201304/17112734f0046fcbb99ef138d17bd21224074bdf.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201304/17112734f0046fcbb99ef138d17bd21224074bdf.jpg)