VULHUB ™

### 简要描述： 两处任意文件上传漏洞 ### 详细说明： 技术支持：邯郸市连邦软件发展有限公司 波及多家政务服务系统，可直接上传获取webshell。【声明：未做任何破坏】 两处任意文件上传： 第一处： ``` http://121.18.89.108/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.lxxzfwzx.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.wdxxzfwzx.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.gbdqyw.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.bdxzfw.cn/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.rzfwzx.gov.cn/workplate/comm/xzsp/form/aspxforms/fzlist.aspx ``` 第二处： ``` http://121.18.89.108/workplate/comm/attachment/list.aspx http://www.lxxzfwzx.com/workplate/comm/attachment/list.aspx http://www.wdxxzfwzx.com/workplate/comm/attachment/list.aspx http://www.gbdqyw.com/workplate/comm/attachment/list.aspx http://www.bdxzfw.cn/workplate/comm/attachment/list.aspx http://www.rzfwzx.gov.cn/workplate/comm/attachment/list.aspx ``` ### 漏洞证明： http://121.18.89.108/workplate/comm/xzsp/form/aspxforms/fzlist.aspx 直接上传，无任何过滤 [<img...

### 简要描述： 两处任意文件上传漏洞 ### 详细说明： 技术支持：邯郸市连邦软件发展有限公司 波及多家政务服务系统，可直接上传获取webshell。【声明：未做任何破坏】 两处任意文件上传： 第一处： ``` http://121.18.89.108/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.lxxzfwzx.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.wdxxzfwzx.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.gbdqyw.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.bdxzfw.cn/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.rzfwzx.gov.cn/workplate/comm/xzsp/form/aspxforms/fzlist.aspx ``` 第二处： ``` http://121.18.89.108/workplate/comm/attachment/list.aspx http://www.lxxzfwzx.com/workplate/comm/attachment/list.aspx http://www.wdxxzfwzx.com/workplate/comm/attachment/list.aspx http://www.gbdqyw.com/workplate/comm/attachment/list.aspx http://www.bdxzfw.cn/workplate/comm/attachment/list.aspx http://www.rzfwzx.gov.cn/workplate/comm/attachment/list.aspx ``` ### 漏洞证明： http://121.18.89.108/workplate/comm/xzsp/form/aspxforms/fzlist.aspx 直接上传，无任何过滤 [<img src="https://images.seebug.org/upload/201504/012122036599e2b86eba51d77604035bd6efeb63.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/012122036599e2b86eba51d77604035bd6efeb63.png) http://121.18.89.108/workplatehttps://images.seebug.org/upload/attachment/20150401214013.aspx F4ck [<img src="https://images.seebug.org/upload/201504/012122459e0a69c1a7e497ac6d8ebc20064bb181.png" alt="s.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/012122459e0a69c1a7e497ac6d8ebc20064bb181.png) http://www.wdxxzfwzx.com/workplatehttps://images.seebug.org/upload/attachment/20150401211520.aspx http://www.gbdqyw.com/workplatehttps://images.seebug.org/upload/attachment/20150401214516.aspx http://www.bdxzfw.cn/workplatehttps://images.seebug.org/upload/attachment/20150401214617.aspx http://www.rzfwzx.gov.cn/workplatehttps://images.seebug.org/upload/attachment/20150401210218.aspx#