漏洞简介
漏洞影响
漏洞复现
可用的BshServlet地址:
https://url/service/~aim/bsh.servlet.BshServlethttps://url/service/~alm/bsh.servlet.BshServlethttps://url/service/~ampub/bsh.servlet.BshServlethttps://url/service/~arap/bsh.servlet.BshServlethttps://url/service/~aum/bsh.servlet.BshServlethttps://url/service/~cc/bsh.servlet.BshServlethttps://url/service/~cdm/bsh.servlet.BshServlethttps://url/service/~cmp/bsh.servlet.BshServlethttps://url/service/~ct/bsh.servlet.BshServlethttps://url/service/~dm/bsh.servlet.BshServlethttps://url/service/~erm/bsh.servlet.BshServlethttps://url/service/~fa/bsh.servlet.BshServlethttps://url/service/~fac/bsh.servlet.BshServlethttps://url/service/~fbm/bsh.servlet.BshServlethttps://url/service/~ff/bsh.servlet.BshServlethttps://url/service/~fip/bsh.servlet.BshServlethttps://url/service/~fipub/bsh.servlet.BshServlethttps://url/service/~fp/bsh.servlet.BshServlethttps://url/service/~fts/bsh.servlet.BshServlethttps://url/service/~fvm/bsh.servlet.BshServlethttps://url/service/~gl/bsh.servlet.BshServlethttps://url/service/~hrhi/bsh.servlet.BshServlethttps://url/service/~hrjf/bsh.servlet.BshServlethttps://url/service/~hrpd/bsh.servlet.BshServlethttps://url/service/~hrpub/bsh.servlet.BshServlethttps://url/service/~hrtrn/bsh.servlet.BshServlethttps://url/service/~hrwa/bsh.servlet.BshServlethttps://url/service/~ia/bsh.servlet.BshServlethttps://url/service/~ic/bsh.servlet.BshServlethttps://url/service/~iufo/bsh.servlet.BshServlethttps://url/service/~modules/bsh.servlet.BshServlethttps://url/service/~mpp/bsh.servlet.BshServlethttps://url/service/~obm/bsh.servlet.BshServlethttps://url/service/~pu/bsh.servlet.BshServlethttps://url/service/~qc/bsh.servlet.BshServlethttps://url/service/~sc/bsh.servlet.BshServlethttps://url/service/~scmpub/bsh.servlet.BshServlethttps://url/service/~so/bsh.servlet.BshServlethttps://url/service/~so2/bsh.servlet.BshServlethttps://url/service/~so3/bsh.servlet.BshServlethttps://url/service/~so4/bsh.servlet.BshServlethttps://url/service/~so5/bsh.servlet.BshServlethttps://url/service/~so6/bsh.servlet.BshServlethttps://url/service/~tam/bsh.servlet.BshServlethttps://url/service/~tbb/bsh.servlet.BshServlethttps://url/service/~to/bsh.servlet.BshServlethttps://url/service/~uap/bsh.servlet.BshServlethttps://url/service/~uapbd/bsh.servlet.BshServlethttps://url/service/~uapde/bsh.servlet.BshServlethttps://url/service/~uapeai/bsh.servlet.BshServlethttps://url/service/~uapother/bsh.servlet.BshServlethttps://url/service/~uapqe/bsh.servlet.BshServlethttps://url/service/~uapweb/bsh.servlet.BshServlethttps://url/service/~uapws/bsh.servlet.BshServlethttps://url/service/~vrm/bsh.servlet.BshServlethttps://url/service/~yer/bsh.servlet.BshServlet
http://url/servlet/~ic/bsh.servlet.BshServlet
nuclei-pocs
漏洞修复
厂商已提供漏洞修补方案,补丁下载地址:http://umc.yonyou.com/ump/querypatchdetailedmng?PK=18981c7af483007db179a236016f594d37c01f22aa5f5d19
原文始发于微信公众号(北极星sec):(CNVD-2021-30167)用友nc v6.5 远程命令执行漏洞
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论