### 简要描述:
用友某重要系统任意文件上传漏洞之二
### 详细说明:
用友GRP-U8 财务管理软件
该servlet存在漏洞,可直接上传任意文件到服务器
```
None
```
这里为:http://210.44.112.101https://images.seebug.org/upload/chopper.jsp chopper
[<img src="https://images.seebug.org/upload/201504/3023370680b7c729cd12b550ea8651463adbbf06.png" alt="111.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/3023370680b7c729cd12b550ea8651463adbbf06.png)
5个案例:
http://210.44.112.101/UploadFile
http://124.128.96.98:8001/UploadFile
http://61.139.105.105:8008/UploadFile
http://125.67.66.250:801/UploadFile
http://210.41.128.120:8002/UploadFile
### 漏洞证明:
http://210.44.112.101https://images.seebug.org/upload/chopper.jsp chopper
[<img src="https://images.seebug.org/upload/201504/3023370680b7c729cd12b550ea8651463adbbf06.png" alt="111.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/3023370680b7c729cd12b550ea8651463adbbf06.png)
京公网安备 11010502034610号
暂无评论