
GVP 铭飞 / MCMS (Java, MIT)

Unauthorized upload vulnerability

Open
Devote  Created at

Since this upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First upload a picture horse, then intercept the data packet and, in the name parameter, change the suffix name to jsp. After releasing the request, the server returns the storage path of the webshell.
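
One way to close the two gaps the report describes (no login check, and a stored suffix taken from the request), as an added example that is not MCMS code. The class `SafeUpload`, the method `store` and its `sessionUser` parameter are hypothetical, and the sample bytes are constructed.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

public class SafeUpload {
    // Allowlist of stored extensions, each with the magic bytes the content must start with.
    static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[]{(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif", new byte[]{'G', 'I', 'F', '8'});

    /** Stores an upload and returns the server-chosen file name, or throws if a check fails. */
    static String store(String sessionUser, String clientName, byte[] body, Path dir) throws IOException {
        // 1. Authentication first: no logged-in user, no upload.
        if (sessionUser == null || sessionUser.isEmpty())
            throw new SecurityException("login required");
        // 2. The client-supplied name is used only to pick an allowlisted extension.
        String name = clientName == null ? "" : clientName;
        int dot = name.lastIndexOf('.');
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null)
            throw new SecurityException("extension not allowed: " + ext);
        // 3. The content must start with the signature of the type the extension claims.
        if (body.length < magic.length || !Arrays.equals(Arrays.copyOf(body, magic.length), magic))
            throw new SecurityException("content does not match ." + ext);
        // 4. The stored name is generated server-side, never copied from the request.
        String stored = UUID.randomUUID() + "." + ext;
        Files.write(dir.resolve(stored), body, StandardOpenOption.CREATE_NEW);
        return stored;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("upload-demo"); // assumed to be outside the web root
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A}; // constructed sample
        // {session user, requested name}: no session, renamed suffix, legitimate upload.
        String[][] cases = { {null, "a.png"}, {"alice", "a.jsp"}, {"alice", "a.png"} };
        for (String[] c : cases) {
            try {
                System.out.println("stored as " + store(c[0], c[1], png, dir));
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The signature check alone does not stop an image that carries script content; the allowlisted extension and a storage directory the servlet container does not execute from are what keep the file from running as JSP.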
