## JeeSpringCloud uploadFile.jsp file upload vulnerability
| **Vulnerability** | JeeSpringCloud uploadFile.jsp file upload vulnerability |
| :----: | :-----|
| **Chinese name** | JeeSpringCloud uploadFile.jsp 文件上传漏洞 |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="JeeSpringCloud"](https://en.fofa.info/result?qbase64=Ym9keT0iL2plZVNwcmluZ1N0YXRpYy9wbHVncy9qcXVlcnkvanF1ZXJ5IiB8fCBoZWFkZXI9ImNvbS5qZWVzcHJpbmcuc2Vzc2lvbi5pZCIgfHwgaGVhZGVyPSJjb20uamVlc3ByaW5nLnNlc3Npb24uaWQi)|
| **Number of assets affected** | 282 |
| **Description** | JeeSpringCloud is a free and open source Java Internet cloud rapid development platform. Any file can be uploaded to JeeSpringCloud by accessing `/static/uploadify/uploadFile.jsp`, and the file upload path can be specified through the `?uploadPath` parameter, which can result in the server being controlled. |
| **Impact** | An attacker can use this vulnerability to write a backdoor on the server side, execute code, obtain server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2023/10/12/800e0ccfe95d6cbb.gif)
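
To check whether the endpoint described above has been requested on a server you operate, the following added example (not part of the original advisory or of JeeSpringCloud) scans web access logs for requests to `/static/uploadify/uploadFile.jsp` and reports any `uploadPath` value supplied. It assumes the common/combined access log format; the severity labels and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter named in the advisory (compared case-insensitively).
VULN_PATH = "/static/uploadify/uploadfile.jsp"
PARAM = "uploadpath"

# Assumed format: ip - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def normalize_path(raw_path):
    """Percent-decode, drop ;path-parameters, collapse slashes, lowercase."""
    path = unquote(raw_path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    return re.sub(r"/{2,}", "/", path).lower()

def inspect_line(line):
    """Return a finding dict if the request targets the upload JSP, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    raw_path, _, raw_query = target.partition("?")
    # endswith() also matches deployments under a servlet context path.
    if not normalize_path(raw_path).endswith(VULN_PATH):
        return None
    params = parse_qs(raw_query, keep_blank_values=True)
    query = {k.lower(): v for k, v in params.items()}
    upload_path = query.get(PARAM, [None])[0]
    if method == "POST" and upload_path is not None and status.startswith("2"):
        severity = "high"    # upload with caller-chosen directory was accepted
    elif method == "POST" or upload_path is not None:
        severity = "medium"  # upload attempt that was not confirmed by a 2xx
    else:
        severity = "low"     # endpoint was probed
    return {"ip": ip, "time": ts, "method": method, "status": int(status),
            "upload_path": upload_path, "severity": severity}

def scan(lines):
    """Return findings for every log line that touches the endpoint."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Oct/2023:10:02:11 +0000] "GET /static/uploadify/uploadFile.jsp HTTP/1.1" 200 0',
    '198.51.100.7 - - [12/Oct/2023:10:02:15 +0000] "POST /static/uploadify/uploadFile.jsp?uploadPath=/static/ HTTP/1.1" 200 64',
    '203.0.113.5 - - [12/Oct/2023:10:05:40 +0000] "POST /app//static/uploadify/UPLOADFILE.JSP;x=1?UploadPath=%2Ftmp%2F HTTP/1.1" 404 0',
]
```

A "high" finding warrants reviewing the directory named in `upload_path` for files created at or after the logged time.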