漏洞描述
用友NC是一款企业级ERP软件。用友NC存在远程命令执行漏洞,攻击者利用该漏洞可在未授权的情况实现远程命令执行
yonyouNC 任意命令执行
PoC代码
暂无相关漏洞推荐
- yonyou-nc-arbitrary-file-upload: Yonyou NC Arbitrary file upload
- yonyou-nc-monitorservlet-rce: Yonyou NC monitors servlet RCE
- yonyou-nc-ncmessageservlet-rce: Yonyou NC messages servlet RCE
- yonyou-nc-uploadservlet-rce: Yonyou NC upload servlet rce
- POC yonyou-nc-accept-upload: YonYou NC Accept Upload
- POC yonyou-nc-cloud-getStaffInfo-sqli: Yonyou NC-Cloud getStaffInfo SQL Injection
- POC yonyou-nc-portalsesInittoolservice-disclosure: 用友 portalsesInittoolservice 泄露数据库账号密码
- POC yonyou-nc-savexmltofileservlet-fileupload: YONYOU NC saveXmlToFIleServlet接口文件上传
- POC yonyou-nccloud-iupdateservice-xxe: 用友NC Cloud IUpdateService接口存在XXE漏洞
- POC yonyou-filereceiveservlet-fileupload: Yonyou NC FileReceiveServlet - Aribitrary File Upload
- POC yonyou-nc-accept-fileupload: YonYou NC Accept Upload - Arbitray File Upload
- POC yonyou-nc-baseapp-deserialization: Yonyou NC BaseApp UploadServlet - Deserialization Detect
- POC yonyou-nc-dispatcher-fileupload: Yonyou NC ServiceDispatcher Servlet - Arbitrary File Upload