泛微OA e-office平台uploadify.php任意文件上传 -- Pan Micro OA e-office Platform Uploadify.php Arbitrary File Upload Vulnerability
I have developed a tool for local testing and POC development, which is for technical learning reference only. Please do not use it for illegal purposes. Any direct or indirect consequences and losses caused by individuals or organizations using the information provided in this article are the responsibility of the user themselves and have nothing to do with the author!!!
The all-new digital OA pan micro e-office 11.0, a pan micro standard collaborative office platform, enriches business scenarios and is ready to use out of the box. Mature approval templates are imported with one click, personalized application visualization is constructed, and heterogeneous systems are quickly connected to achieve full digital control of business approval, online signing, data storage, and other aspects.
pip install -r requirements.txt
python "泛微OA e-office平台uploadify.php任意文件上传.py" -h
usage: 泛微OA e-office平台uploadify.php任意文件上传.py [-h] (-u URL | -f FILE) [--upload UPLOAD] [--random-agent RANDOM_AGENT | -a USERAGENT] [-d DELAY] [-t THREAD] [--proxy PROXY] [--file-type FILE_TYPE]
Pan Micro OA e-office Platform Uploadify.php Arbitrary File Upload Vulnerability
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Enter target object
-f FILE, --file FILE Input target object file
--upload UPLOAD Enter the filepath
--random-agent RANDOM_AGENT
Using random user agents
-a USERAGENT, --useragent USERAGENT
Using the known User-agent
-d DELAY, --delay DELAY
Set multi threaded access latency (setting range from 0 to 5)
-t THREAD, --thread THREAD
Set the number of program threads (setting range from 1 to 50)
--proxy PROXY Set up the proxy
--file-type FILE_TYPE
Upload file type(default is PHP)