From 94930604537b2b10eacbbc0c2ae3119003bbe84b Mon Sep 17 00:00:00 2001
From: Goby <50955360+gobysec@users.noreply.github.com>
Date: Wed, 6 Sep 2023 17:36:51 +0800
Subject: [PATCH] Create UF_U8_Cloud_upload.jsp_file_upload_vulnerability.md

---
 UF_U8_Cloud_upload.jsp_file_upload_vulnerability.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 UF_U8_Cloud_upload.jsp_file_upload_vulnerability.md

diff --git a/UF_U8_Cloud_upload.jsp_file_upload_vulnerability.md b/UF_U8_Cloud_upload.jsp_file_upload_vulnerability.md
new file mode 100644
index 0000000..4592c39
--- /dev/null
+++ b/UF_U8_Cloud_upload.jsp_file_upload_vulnerability.md
@@ -0,0 +1,12 @@
+## UF U8 Cloud upload.jsp file upload vulnerability
+
+|   **Vulnerability**  | **UF U8 Cloud upload.jsp file upload vulnerability**  |
+| :----:   | :-----|
+|  **Chinese name**  | 用友 U8 Cloud upload.jsp 文件上传漏洞 |
+| **CVSS core**  | 9.8 |
+| **FOFA Query**  (click to view the results directly)| [body="开启U8 cloud云端之旅"](https://en.fofa.info/result?qbase64=Ym9keT0i5byA5ZCvVTggY2xvdWTkupHnq6%2FkuYvml4Ui) |
+| **Number of assets affected**  | 13473 |
+| **Description**  | yonyou U8 cloud is a cloud ERP developed by yonyou.There is a file upload vulnerability in yonyou U8 upload.jsp, which can be exploited by attackers to gain server privileges. |
+| **Impact** | Attackers can use this vulnerability to upload file, execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
+
+![](https://s3.bmp.ovh/imgs/2023/09/06/407cf745d8210300.gif)