Vulnerability profile

Torth Chinese retrieval system TRSWAS5.0 web/tree Interface treefile There is a file reading vulnerability in the parameter , Can read the database configuration file 、 Account password and other information , It leads to the disclosure of configuration file information and threatens the security of the website .

The recurrence process

http://xx.com/was5/web/tree?treefile=/WEB-INF/classes/com/trs/was/resource/wasconfig.properties

If the vulnerability exists , The contents of the file are displayed

Means of repair

At present, the official has fixed this vulnerability in the new version , You can download from the official to upgrade the corresponding components or use the files in the attachment trswas.jar Replace directory D:\TRS\TRSWAS5.0\Tomcat\webapps\was5\WEB-INF\lib The files under the

Reference resources

https://blog.csdn.net/weixin_43650289/article/details/109072674