GobyVuls/JingHang/JingHang online marking Arbitrary File Upload

JingHang online marking Arbitrary File Upload

Hengshui Jinhang Online Marking System fileUpload has an arbitrary file upload vulnerability. Attackers can use this vulnerability to upload malicious Trojan horses to obtain sensitive system information, control server permissions, etc.

FOFA query rule: title="金航网上阅卷系统" || body="金航网上阅卷系统"

Demo