Spring Cloud Environment: CVE-2022-28525 (file upload vulnerability)

Enterprise 2023-05-17 11:56:31 views: null

Table of contents

2. Burp captures packets and changes packets

3. Ant sword obtains flag

1. Topic

ED01CMSv20180505 has an arbitrary file upload vulnerability

English is not enough to translate to make up:

Clicking on other pages will result in Not Found:

Log in first to see:

Try the universal password: admin: 123

Found the error:

1. Login

admin: admin

Successfully logged in:

Localize it:

psots can be added:

The result of uploading the php Trojan was unsuccessful:

It seems that uploading files other than images is not allowed:

Packet capture modification:

jpg to php

It still fails, maybe it's not authorized.

find next:

The users user module can add:

Try uploading jpg:

successfully uploaded:

Find the jpg pictures we uploaded:

2. Burp captures packets and changes packets

Burp captures packets:

Replayer mod:

The picture jpg is changed to php format, and a Trojan horse is written inside:

In the website directory xxx/images, you can see the file we just uploaded:

3. Ant sword obtains flag

Go directly to Ant Sword:

As shown in the picture:

Find the flag in the root directory:

View flags:

flag{eef2667a-4c3c-4b61-b816-4b883c32e4ac}

Guess you like

Origin blog.csdn.net/m0_65712192/article/details/130233976

Spring Cloud Environment: CVE-2022-28525 (file upload vulnerability)

Spring Cloud Environment: CVE-2022-29464 (WSO2 file upload vulnerability)

Spring Cloud Environment: CVE-2022-25411 (Maxsite CMS file upload vulnerability)

Spring Cloud Environment: CVE-2022-23880 (taoCMS v3.0.2 arbitrary file upload vulnerability)

Spring Cloud Environment: CVE-2022-25401 (arbitrary file read vulnerability)

Spring Cloud Environment: CVE-2022-26201 (secondary injection vulnerability)

Spring Cloud Mirror: CVE-2018-19422 (Subrion CMS 4.2.1 has a file upload vulnerability)

Spring and Autumn Cloud Environment: CVE-2022-25578 (file included)

Spring Cloud Environment: CVE-2022-24663 (remote code execution vulnerability exp)

Chunqiu Cloud Mirror: CVE-2019-9042 (Sitemagic CMS v4.4 arbitrary file upload vulnerability)

File upload vulnerability (File Upload)

Spring Cloud Environment: CVE-2022-25411 (Maxsite CMS file upload vulnerability)

Upload File Vulnerability

File upload Parsing Vulnerability

File upload vulnerability

File Upload Vulnerability Attack

File Upload Vulnerability Bypass

CVE-2022-22947 - Spring Cloud Gateway RCE Vulnerability

File upload vulnerability - file upload detection and bypass

Weblogic arbitrary file upload vulnerability (CVE-2018-2894) reproduction

CVE-2018-2894 weblogic arbitrary file upload vulnerability recurrence

Vulnerability reproduction CVE-2018-2894 weblogic file upload

[Vulnerability Recurrence] WordPress plugin wp-file-manager arbitrary file upload vulnerability (CVE-2020-25213)

VUE+Element+Spring Cloud implements file upload function (upload) + file deletion function (remove) + configures spring cloud file upload path

The web security file upload vulnerability

Small file upload vulnerability summary

Mozi School file upload vulnerability

1.2 Parsing vulnerability of file upload

1.2 Parsing vulnerability of file upload

File upload vulnerability bypass method

Recommended

Ranking

error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘

Database migration between Navicat servers

Minimum number of rotation of the array: Array

balenaEtcher for mac (make a boot disk software) v1.5.67

Custom processing serialization and deserialization in jackson

Mu-en-mask system development software

Mastering Regular Expressions

Find mileage Java--

Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions

[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite

Daily

More

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)