GithubHelp home page GithubHelp logo

yonyou_exp_plus's Introduction

更新日志

2022.01.25:
1、 增加 用友ERP-NC 目录遍历漏洞、用友 NC bsh.servlet.BshServlet 远程命令执行漏洞。

工具介绍

用友系列全漏洞检查工具plus版,收录漏洞如下:

用友 NC XbrlPersistenceServlet反序列化
用友 NC bsh.servlet.BshServlet 远程命令执行漏洞
用友 NC 反序列化RCE漏洞
用友 NCCloud FS文件管理SQL注入
用友 U8 OA test.jsp SQL注入漏洞
用友ERP-NC 目录遍历漏洞
用友GRP-U8行政事业财务管理软件 SQL注入

首次使用请安装依赖:

python3 install -r requirements.txt

使用方法:

Usage:
python3 yonyou_exp.py -u url
python3 yonyou_exp.py -u url --att
python3 yonyou_exp.py -f url.txt
python3 yonyou_exp.py -f url.txt --att

Options:
  -h, --help            show this help message and exit
  -u URL, --url=URL     target url
  -f FILE, --file=FILE  url file
  --att                 Get Shell

python3 seeyon_exp.py -u url


python3 seeyon_exp.py -u url  --att



默认使用冰蝎3的webshell,密码为rebeyond

扫码结果保存为result.txt,使用批量扫描时,建议先筛选出存活url

声明:仅用于授权测试,请勿用于非法用途,违者后果自负!

参考链接:

https://github.com/PeiQi0/PeiQi-WIKI-POC/tree/PeiQi/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E7%94%A8%E5%8F%8BOA

yonyou_exp_plus's People

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.