2021-08-02 02:07:14 +00:00
id : zhiyuan-file-upload
info :
2022-02-04 15:54:04 +00:00
name : Zhiyuan OA Arbitrary File Upload Vulnerability
2021-08-02 02:07:14 +00:00
author : gy741
severity : critical
2022-02-04 15:54:04 +00:00
description : A vulnerability in Zhiyuan OA allows remote unauthenticated attackers to upload arbitrary files to the remote server and cause execute arbitrary code to be executed.
2023-10-14 11:27:55 +00:00
remediation : Apply the appropriate patch.
2022-04-22 10:38:41 +00:00
reference :
- https://www.programmersought.com/article/92658169875/
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-10-14 11:27:55 +00:00
tags : zhiyuan,rce,fileupload,seeyon,intrusive
2021-08-02 02:07:14 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-08-02 02:07:14 +00:00
- method : GET
path :
- "{{BaseURL}}/seeyon/thirdpartyController.do.css/..;/ajax.do"
matchers-condition : and
matchers :
- type : word
words :
- "java.lang.NullPointerException:null"
- type : word
words :
- "text/html"
part : header
- type : status
status :
- 200
2023-10-20 11:41:13 +00:00
# digest: 490a0046304402200c6b8d0165c33a47c7bc941254b92437d5aeea60068599ffc89e8a0d00716957022005e23699f52f16bf99099ba35dd6030ad2aa48f22d81aadc742957bd35b2be44:922c64590222798bb761d5b6d8e72950