From 0c9b6a34ed3665e92e42a40d5ac2d939f5506f4e Mon Sep 17 00:00:00 2001
From: mahui <mahui@baimaohui.net>
Date: Sun, 13 Dec 2020 22:31:43 +0800
Subject: [PATCH] ADD drupal_6340

---
 Seeyon/htmlofficeservlet_uploadfile_getshell/README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Seeyon/htmlofficeservlet_uploadfile_getshell/README.md b/Seeyon/htmlofficeservlet_uploadfile_getshell/README.md
index 34e5491..71b4115 100644
--- a/Seeyon/htmlofficeservlet_uploadfile_getshell/README.md
+++ b/Seeyon/htmlofficeservlet_uploadfile_getshell/README.md
@@ -1,11 +1,11 @@
-# CVE-2020-24571 NexusDB path traversal
+# Seeyon OA htmlofficeservlet upload file getshell
 
-NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
+致远是从事OA办公自动化软件的开发销售与服务工作，致远OA在国内使用广泛。该漏洞可造成任意文件上传，恶意攻击者通过精心构造POST数据来上传JSP Webshell，提升服务器权限，从而控制服务器或对系统造成破坏。
 
-**Affected version**: nexusdb < 4.50.23
+**Affected version**: 致远A8-V5协同管理软件 V6.1sp1、致远A8+协同管理软件
 
-**[FOFA](https://fofa.so/result?q=header%3D%22Server%3A+NexusDB%22&qbase64=aGVhZGVyPSJTZXJ2ZXI6IE5leHVzREIi&file=&file=) query rule**: header="Server: NexusDB"
+**[FOFA](https://fofa.so/result?qbase64=YXBwPSJZb255b3UtU2VleW9uLU9BIiB8fCBhcHA9IlNlZXlvbi1TZXJ2ZXIi) query rule**: app="Yonyou-Seeyon-OA" || app="Seeyon-Server"
 
 # Demo
 
-![](CVE-2020-24571.gif)
\ No newline at end of file
+![](zhiyuan_htmlofficeservlet_getshell.gif)
\ No newline at end of file