# 泛微OA sysinterface/codeEdit.jsp 页面任意文件上传 WooYun-2015-0155705 ### 漏洞描述泛微OA sysinterface/codeEdit.jsp 页面任意文件上传导致可以上传恶意文件 ### 漏洞描述 Note 较老版本，目前无准确版本 ### 漏洞复现 `filename=******5308.java&filetype=javafilename为文件名称为空时会自动创建一个` ``` String fileid = "Ewv";
String readonly = "";
boolean isCreate = false;
if(StringHelper.isEmpty(fileName)) {
Date ndate = new Date();
SimpleDateFormat sf = new SimpleDateFormat("yyyyMMddHHmmss");
String datetime = sf.format(ndate);
fileid = fileid + datetime;
fileName= fileid + "." + filetype;
isCreate = true;
} else {
int pointIndex = fileName.indexOf(".");
if(pointIndex > -1) {
fileid = fileName.substring(0,pointIndex);
}} ``` ![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm0EXDsKiuDpPeruVH%2F-Mhm2OIFsTs6VIas6MSE%2Fimage.png?alt=media\&token=0ad9094a-c95e-4a53-bdae-6571a53acdd3) ![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm0EXDsKiuDpPeruVH%2F-Mhm2QwCrNo8AV4EC7U_%2Fimage.png?alt=media\&token=5fd88af2-0708-4fb5-8b13-a0ea48c4e78e) ![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm0EXDsKiuDpPeruVH%2F-Mhm2T5PH1jLvwJ8tB5-%2Fimage.png?alt=media\&token=fadffbc9-4c56-4067-b165-d10628614bac) ![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm0EXDsKiuDpPeruVH%2F-Mhm2U_WeB-GP2nzdegp%2Fimage.png?alt=media\&token=77548db2-c12a-47a2-8a9f-39eac0d79788) ![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm0EXDsKiuDpPeruVH%2F-Mhm2XihszguX8kpTzkD%2Fimage.png?alt=media\&token=fe8ce31c-73e8-401b-a6c5-a79d5e080d32) ### 参考文章 [泛微OA未授权可导致GetShell](https://www.uedbox.com/post/15730/)