漏洞简介
漏洞影响
漏洞复现
可用的BshServlet地址:
https://url/service/~aim/bsh.servlet.BshServlet
https://url/service/~alm/bsh.servlet.BshServlet
https://url/service/~ampub/bsh.servlet.BshServlet
https://url/service/~arap/bsh.servlet.BshServlet
https://url/service/~aum/bsh.servlet.BshServlet
https://url/service/~cc/bsh.servlet.BshServlet
https://url/service/~cdm/bsh.servlet.BshServlet
https://url/service/~cmp/bsh.servlet.BshServlet
https://url/service/~ct/bsh.servlet.BshServlet
https://url/service/~dm/bsh.servlet.BshServlet
https://url/service/~erm/bsh.servlet.BshServlet
https://url/service/~fa/bsh.servlet.BshServlet
https://url/service/~fac/bsh.servlet.BshServlet
https://url/service/~fbm/bsh.servlet.BshServlet
https://url/service/~ff/bsh.servlet.BshServlet
https://url/service/~fip/bsh.servlet.BshServlet
https://url/service/~fipub/bsh.servlet.BshServlet
https://url/service/~fp/bsh.servlet.BshServlet
https://url/service/~fts/bsh.servlet.BshServlet
https://url/service/~fvm/bsh.servlet.BshServlet
https://url/service/~gl/bsh.servlet.BshServlet
https://url/service/~hrhi/bsh.servlet.BshServlet
https://url/service/~hrjf/bsh.servlet.BshServlet
https://url/service/~hrpd/bsh.servlet.BshServlet
https://url/service/~hrpub/bsh.servlet.BshServlet
https://url/service/~hrtrn/bsh.servlet.BshServlet
https://url/service/~hrwa/bsh.servlet.BshServlet
https://url/service/~ia/bsh.servlet.BshServlet
https://url/service/~ic/bsh.servlet.BshServlet
https://url/service/~iufo/bsh.servlet.BshServlet
https://url/service/~modules/bsh.servlet.BshServlet
https://url/service/~mpp/bsh.servlet.BshServlet
https://url/service/~obm/bsh.servlet.BshServlet
https://url/service/~pu/bsh.servlet.BshServlet
https://url/service/~qc/bsh.servlet.BshServlet
https://url/service/~sc/bsh.servlet.BshServlet
https://url/service/~scmpub/bsh.servlet.BshServlet
https://url/service/~so/bsh.servlet.BshServlet
https://url/service/~so2/bsh.servlet.BshServlet
https://url/service/~so3/bsh.servlet.BshServlet
https://url/service/~so4/bsh.servlet.BshServlet
https://url/service/~so5/bsh.servlet.BshServlet
https://url/service/~so6/bsh.servlet.BshServlet
https://url/service/~tam/bsh.servlet.BshServlet
https://url/service/~tbb/bsh.servlet.BshServlet
https://url/service/~to/bsh.servlet.BshServlet
https://url/service/~uap/bsh.servlet.BshServlet
https://url/service/~uapbd/bsh.servlet.BshServlet
https://url/service/~uapde/bsh.servlet.BshServlet
https://url/service/~uapeai/bsh.servlet.BshServlet
https://url/service/~uapother/bsh.servlet.BshServlet
https://url/service/~uapqe/bsh.servlet.BshServlet
https://url/service/~uapweb/bsh.servlet.BshServlet
https://url/service/~uapws/bsh.servlet.BshServlet
https://url/service/~vrm/bsh.servlet.BshServlet
https://url/service/~yer/bsh.servlet.BshServlet
http://url/servlet/~ic/bsh.servlet.BshServlet
nuclei-pocs
漏洞修复
厂商已提供漏洞修补方案,补丁下载地址:http://umc.yonyou.com/ump/querypatchdetailedmng?PK=18981c7af483007db179a236016f594d37c01f22aa5f5d19
原文始发于微信公众号(北极星sec):(CNVD-2021-30167)用友nc v6.5 远程命令执行漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论