漏洞描述
攻击者可通过refreshtoken接口获取token,影响U9CE、U9CS和U9V6.6E所有只通过校验token的api接口,可造成数据泄露业务被破坏等问题
关于U9 cloud存在逻辑缺陷漏洞的情况通告
PoC代码
暂无相关漏洞推荐
- 用友 u8-cloud VouchFormulaCopyAction sql注入
- huijietong-cloud-fileread: Huijietong Cloud File Read
- mapgis-cloud-manager-local-file-read: MapGis Cloud Manager Local File Read
- western-digital-mycloud-multi-uploadify-file-upload: Western Digital MyCloud Multi Uploadify File Upload
- 用友 U8 Cloud /u8cloud/api/hrta/returnleave/callback SQL 注入漏洞
- 关于U9 cloudERP软件接口Print/PDFDirectPrint.aspx存在命令执行漏洞的安全通告
- POC ack-cluster-cloud-monitor-disable: Cloud Monitor for ACK Clusters - Disable
- POC cloudfront-compress-object: CloudFront Compress Objects Automatically
- POC cloudfront-custom-certificates: Cloudfront Custom SSL/TLS Certificates - In Use
- POC cloudfront-insecure-protocol: CloudFront Insecure Origin SSL Protocols
- POC cloudfront-integrated-waf: CloudFront Integrated With WAF
- POC cloudfront-logging-disabled: Cloudfront Logging Disabled
- POC cloudfront-security-policy: CloudFront Security Policy