From 3025991a2e9440773eeefba7c19c0f59d0d9749c Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Fri, 9 Jun 2023 17:58:19 +0800 Subject: [PATCH] Create yongyou_GRP-U8_U8App_Proxy_Arbitrary_file_upload_vulnerability.md add yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability --- ...8App_Proxy_Arbitrary_file_upload_vulnerability.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 yongyou_GRP-U8_U8App_Proxy_Arbitrary_file_upload_vulnerability.md diff --git a/yongyou_GRP-U8_U8App_Proxy_Arbitrary_file_upload_vulnerability.md b/yongyou_GRP-U8_U8App_Proxy_Arbitrary_file_upload_vulnerability.md new file mode 100644 index 0000000..03d1f29 --- /dev/null +++ b/yongyou_GRP-U8_U8App_Proxy_Arbitrary_file_upload_vulnerability.md @@ -0,0 +1,12 @@ +## yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability + +| **Vulnerability** | **yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability** | +| :----: | :-----| +| **Chinese name** | 用友GRP-U8 软件 U8AppProxy 任意文件上传漏洞 | +| **CVSS core** | 9.0 | +| **FOFA Query** (click to view the results directly)| [body="window.location.replace(\"login.jsp?up=1\")" \|\| body="GRP-U8"](https://en.fofa.info/result?qbase64=Ym9keT0id2luZG93LmxvY2F0aW9uLnJlcGxhY2UoXCJsb2dpbi5qc3A%2FdXA9MVwiKSIgfHwgYm9keT0iR1JQLVU4Ig%3D%3D) | +| **Number of assets affected** | 1308 | +| **Description** | Yonyou GRP-U8 management software is a new generation of products launched by UFIDA focusing on national e-government affairs and based on cloud computing technology. It is the most professional government financial management software in the field of administrative affairs and finance in my country. UFIDA GRP-U8 management software U8AppProxy has an arbitrary file upload vulnerability, an attacker can upload a webshell to obtain server permissions.| +| **Impact** | UFIDA GRP-U8 management software U8AppProxy has an arbitrary file upload vulnerability, an attacker can upload a webshell to obtain server permissions. | + +![](https://s3.bmp.ovh/imgs/2023/06/08/5cccc970d4c3d964.gif)