# 锐捷云课堂主机 目录遍历漏洞

### 漏洞描述 <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

锐捷云课堂主机存在目录遍历漏洞，通过访问get请求/pool/，即可读取目录.导致敏感信息泄露.

### 漏洞影响 <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

&#x20;Note

锐捷云课堂

### FOFA <a href="#fofa" id="fofa"></a>

&#x20;Note

title="Ruijie" && "云课堂主机"

### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

访问 <http://xxx.xxx.xxx.xxx/pool> 造成目录遍历

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-MhrWIG6-dKy_RJdfVF9%2Fimage.png?alt=media\&token=5a40d197-4edb-4b39-967d-fcee05eda9a2)