漏洞描述
广联达oa 存在任意文件上传漏洞。需要先利用 广联达 OA SQL注入漏洞获取 admin 密码,然后登录后通过 /gtp/im/services/group/msgbroadcastuploadfile.aspx 文件上传接口上传任意文件。
FOFA: body="/Services/Identification/"
glodon-oa-msgbroadcastuploadfile-uploadfile: 广联达oa 后台文件上传漏洞 (需登录)
PoC代码
暂无相关漏洞推荐
- showdoc-uploadfile: Showdoc Uploadfile
- POC enjoyscm-uploadfile: enjoyscm UploadFile任意文件上传
- POC glodon-linkworks-getimdirectionary-sqli: 广联达 Linkworks GetIMDictionary SQL 注入
- POC glodon-linkworks-Getuserbyusercode-sqli: 广联达oa Linkworks Getuserbyusercode 存在SQL注入
- POC glodon-linkworks-gwgdwebservice-sqli: 广联达 Linkworks GWGdWebService SQL 注入
- POC glodon-linkworks-Service.asmx-disclosure: 广联达oa Linkworks Service.asmx 敏感信息泄露
- POC h5-yun-commodtiy-uploadfile: H5 云商城 file.php 文件上传
- POC secworld-secgate3600-objappupfile-uploadfile: 网神 SecGate 3600 防火墙 obj_app_upfile 任意文件上传漏洞
- POC tongda-v2017-uploadfile: 通达OA v2017 action_upload.php 任意文件上传漏洞
- POC yonyou-cloud-jsinvoke-uploadfile: 用友 NC Cloud jsinvoke 任意文件上传
- POC yonyou-grp-u8-app-proxy-uploadfile: 用友 GRP-U8 U8AppProxy 任意文件上传
- POC yonyou-u8-crm-getemaildata-uploadfile: 用友 U8 CRM客户关系管理系统 getemaildata.php 任意文件上传漏洞
- POC glodon-linkworks-sqli: Glodon Linkworks GWGdWebService - SQL injection