andrewji8


A practical tool that integrates high-risk vulnerability exploits

Tool Introduction

This tool is built on the ExpDemo-JavaFX project, retaining its core data packet request interface, and is developed in a JDK 1.8 environment. It currently covers several series (OA, devices, frameworks, products, etc.) for reproducing and analyzing the related vulnerabilities, and it aims to avoid false positives and keep the exploits effective. As of now, a total of 12 OAs have been implemented: Youyou, Fanwei, Lanling, Wanhua, Fanruan Report, Zhiyuan, Tongda, Hongfan, Jinhe, Kingdee, Guanglian, and Huatiandongli. All are command execution and file upload vulnerabilities, covering both frontend and backend.

The following is a compilation of the covered vulnerabilities, grouped by company (Youyou, Fanwei, Lanling, Wanhua, Fanruan Report, Zhiyuan, Tongda, Hongfan, Jinhe, Kingdee, Guanglian, Huatiandongli):

Youyou
Remote Command Execution

NC-BshServlet
NC-BshServlet-bypass

File Upload

NC accept
NC uapim
NC mp
NC saveXmlToFileServlet
NC FileManager
NC saveImageServlet

Deserialization

NC Deserialization-1
NC Deserialization-2
NC Deserialization-3
File Writing

NC Cloud
NC Cloud uploadChunk
NC Cloud importhttpscer

Others

U8CRM swfupload
U8CRM getemaildata
U8CRM crmtools
GRP-U8 UploadFileData
GRP-U8 U8AppProxy
GRP-U8 services
GRP-U8 servlet
U8C Deserialization-1
U8C Deserialization-2
U8C esnserver
U9 PatchFile
Changjie Tong T+ Password Reset
Changjie Tong T+ File Upload-1
Changjie Tong T+ File Upload-2
Changjie Tong T+ GetStoreWarehouseByStore Deserialization
KSOA ImageUpload
KSOA Attachment
Mobile Management Platform Apk File Upload
Mobile Management Platform Icon File Upload
U8-OA File Upload
UFIDA NC File Writing

Fanwei

File Upload

eoffice OfficeServer
eoffice UploadFile
eoffice uploadify
eoffice ajax
ecology FileClient
ecology KtreeUploadAction
ecology uploaderOperate
ecology weaver.common.Ctrl
ecology Backend Style
ecology Backend Process
ecology Backend Inventory
Remote Command Execution

ecology WorkflowServiceXml
ecology Arbitrary User Login-1
ecology Arbitrary User Login-2
ecology Arbitrary User Brute Force
SQL Injection

ecology Frontend SQL Injection-1
ecology Frontend SQL Injection-2
ecology Frontend SQL Injection-3
Others

emobile client Command Execution
emobile messageType Command Execution
emobile lang2sql File Overwrite

Lanling
Arbitrary User Login

OA SSRF
OA SSRF BeanShell
OA SSRF XmlDecoder
File Upload

OA treexml
OA Interface
OA Theme
OA jg_service
OA sysUiComponent
File Copy

OA Backend Template
Wanhua
User Password Leakage
OA fileUpload
OA officeserverservlet
OA smartUpload
OA OfficeServer
OA senddocument
OA wpsservlet
OA SOAP
OA SOAP Create File
Fanruan Report
Arbitrary File Read

Arbitrary File Read-bypass
Arbitrary File Overwrite
Unauthorized Command Execution

Unauthorized Command Execution-1
Unauthorized Command Execution-2
Unauthorized Command Execution-3
SQL Injection

ReportServer SQL Injection
File Upload

Backend Plugin
Backend Theme
Zhiyuan
Session Leakage

File Upload

processUpload
uploadMenuIcon
ajax
ajax-bypass
wpsAssistServlet
htmlofficeservlet
User Password Reset

Arbitrary User Password Reset
audit-admin User Default Password
audit-admin User Reset Password
File Writing

Backend Template
Backend Template Manager
Backend Table
Backend ofd
Backend jdbc
Backend constDef Code Execution

Tongda
Arbitrary User Login

Login-1
Login-2
Login-3
Login-4
File Upload

Ispirit
ueditor
gateway Deserialization
Backend Attachment
Hongfan
Arbitrary File Upload
Arbitrary File Writing
Jinhe
Command Execution
File Upload
editeprint
EditMain
saveAsOtherFormatServlet
OfficeServer
UploadFileBlock
servlet
jcsUploadServlet
UploadFileEditorSave
viewConTemplate Template Injection
Kingdee
Deserialization
Cloud Star Deserialization-1
Cloud Star Deserialization-2
Cloud Star Deserialization-3
Cloud Star File Upload
EAS file File Upload
EAS logo File Upload
Apusic File Upload
Guanglian
SQL Injection
OA GetIMDictionary
OA Arbitrary User Login
OA User File Upload
OA Backend File Upload
Huatiandongli
Login Bypass
File Upload
ntkoupload
Servlet
The above information is categorized by company, covering their respective types of security vulnerabilities.

https://github.com/cseroad/Exp-Tools#
