CVE-2024-50652: java_shop 任意文件上传漏洞

从这个网页截图中，可以获取到以下关于漏洞的关键信息： 1. 漏洞编号：CVE-2024-50652 2. 目标系统：https://github.com/eeeeeek/java_shop 3. 受影响版本：<=1.0 4. 描述：系统存在任意文件上传漏洞，攻击者可以通过修改头像功能上传任意文件。 5. 漏洞细节： - 请求方法：POST - 请求路径：/api/myapp/index/user/update?id=92 - 请求头： - Host: shop.gitapp.cn - Connection: keep-alive - Accept: application/json, text/plain, / - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYdw0tzAYBT1BHUVM - sec-ch-ua: "Chromium";v="124", "Microsoft Edge";v="124", "Not-A.Brand";v="99" - sec-ch-ua-mobile: ?0 - sec-ch-ua-platform: "Windows" - Origin: https://shop.gitapp.cn - Sec-Fetch-Site: same-origin - Sec-Fetch-Mode: cors - Sec-Fetch-Dest: empty - Referer: https://github.com/eeeeeek/java_shop - 请求体： - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: application/octet-stream - Content-Disposition: form-data; name="avatar"; filename="1.txt" - Content-Type: applicati

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2024-50652: java_shop 任意文件上传漏洞

同源更多文章

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2024-50652: java_shop 任意文件上传漏洞

同源更多文章

目标达成感谢每一位支持者 — 我们达成了 100% 目标！