漏洞描述
东莞同享软件科技公司是SAP中国金牌合作伙伴,提供的SAP BusinessOne是一套价格合理、易于实施的中小企业综合业务管理解决方案,该系统存在文件上传,通过文件上传可以达到命令执行效果,攻击者可利用该漏洞获取敏感信息。
同享软件科技 controller.ashx 文件上传命令执行
PoC代码
暂无相关漏洞推荐
- 万户OA /defaultroot/yzConvertFile/file2Html.controller 任意文件上传漏洞
- jeecgboot-commoncontroller-parserxml-fileupload: Jeecgboot commonController parserXml fileupload
- shiziyu-cms-apicontroller-sqli: shiziyu cms apicontroller sqli
- 万户OA /defaultroot/yzConvertFile/file2Html.controller 服务器端请求伪造漏洞
- POC 74cms-ajax-personal-controller-class-php-sqlinject: 74 CMS 5.0.1 SQL 注入漏洞
- POC metersphere-plugincontroller-rce: MeterSphere PluginController Pre-auth RCE
- POC shiziyu-cms-apigood-controller-sql-injection: 狮子鱼CMS ApigoodController.class.php SQL注入漏洞
- POC thinkphp5-controller-rce: thinkphp5-controller-rce
- POC wanhu-oa-fileupload-controller-upload: 万户 OA fileupload.controller 文件上传漏洞
- POC yongyou-changjietong-addresssettingcontroller-ssrf: 用友畅捷通AddressSettingController-SSRF漏洞
- POC shiziyu-cms-apicontroller-sqli: Shiziyu CMS Api Controller - SQL Injection
- POC wanhu-oa-fileupload-controller: Wanhu OA Fileupload Controller - Arbitrary File Upload
- 万户 ezOFFICE 系统 fileUpload.controller 文件上传漏洞