VULHUB ™

### 简要描述： 用友某系统通用漏洞可以读取配置文件 ### 详细说明： 用友某系统通用漏洞涉及多家银行、证券、能源行业、企业 测试了部分网站，还有大量的网站存在此漏洞 http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?__rpc=true http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?__rpc=true http://218.94.40.6:8080/hrss/dorado/smartweb2.RPC.d?__rpc=true http://career.sdebank.com/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.yxgroup.cc/hrss/dorado/smartweb2.RPC.d?__rpc=true http://hrzp.gzs.com.cn:9080/hrss/dorado/smartweb2.RPC.d?__rpc=true 1、中国海油招聘网 http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/201143313082fd9a657447d3ab1d6061dfb1a35a.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201143313082fd9a657447d3ab1d6061dfb1a35a.jpg) http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img...

### 简要描述： 用友某系统通用漏洞可以读取配置文件 ### 详细说明： 用友某系统通用漏洞涉及多家银行、证券、能源行业、企业 测试了部分网站，还有大量的网站存在此漏洞 http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?__rpc=true http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?__rpc=true http://218.94.40.6:8080/hrss/dorado/smartweb2.RPC.d?__rpc=true http://career.sdebank.com/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.yxgroup.cc/hrss/dorado/smartweb2.RPC.d?__rpc=true http://hrzp.gzs.com.cn:9080/hrss/dorado/smartweb2.RPC.d?__rpc=true 1、中国海油招聘网 http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/201143313082fd9a657447d3ab1d6061dfb1a35a.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201143313082fd9a657447d3ab1d6061dfb1a35a.jpg) http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/20114416cd8a51c8aa4eeaaf39fcb52a2d613d9d.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20114416cd8a51c8aa4eeaaf39fcb52a2d613d9d.jpg) 2、湖北能源 http://nc.hbny.com.cn:9090/login.jsp [<img src="https://images.seebug.org/upload/201511/201146229d9458cfe65b8bb756e34d4fedfb3d1b.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201146229d9458cfe65b8bb756e34d4fedfb3d1b.png) http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/201147216cc4c00b13cdc317855d9700adf324c5.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201147216cc4c00b13cdc317855d9700adf324c5.png) 3、中冶集团 [<img src="https://images.seebug.org/upload/201511/20114825824f736a7c19464d00ed2db8ccde2073.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20114825824f736a7c19464d00ed2db8ccde2073.png) http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/20114835133a388fe19d5a2c0cc439e26fd5a2b5.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20114835133a388fe19d5a2c0cc439e26fd5a2b5.png) 4、江苏省电力设计院 http://218.94.40.6:8080/hrss/rm/RmMain.jsp?dsName=ncdl [<img src="https://images.seebug.org/upload/201511/20114933cc7f17e0bdd87c6cfa9cd9d2a2de4742.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20114933cc7f17e0bdd87c6cfa9cd9d2a2de4742.png) [<img src="https://images.seebug.org/upload/201511/201149407869a37bc81e2e7dd09373ec81b2c658.png" alt="7.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201149407869a37bc81e2e7dd09373ec81b2c658.png) 5、顺德农商银行 http://career.sdebank.com/hrss/rm/RmMain.jsp?dsName=sdns [<img src="https://images.seebug.org/upload/201511/2011503218f29879f4182e01a1c15e36ba07758d.png" alt="8.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/2011503218f29879f4182e01a1c15e36ba07758d.png) [<img src="https://images.seebug.org/upload/201511/2011503840f7ce60c8e5694b79adc093fefaa35a.png" alt="9.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/2011503840f7ce60c8e5694b79adc093fefaa35a.png) 6、涌鑫集团 http://nc.yxgroup.cc [<img src="https://images.seebug.org/upload/201511/2011513484a8ff13479c2d8dff6129a860f8e352.png" alt="10.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/2011513484a8ff13479c2d8dff6129a860f8e352.png) [<img src="https://images.seebug.org/upload/201511/20115140ca3b0cfb2173f75e512e49c9045f2309.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20115140ca3b0cfb2173f75e512e49c9045f2309.png) 7、广州证券 http://hrzp.gzs.com.cn:9080 [<img src="https://images.seebug.org/upload/201511/2011523258f16b5440eeaeba21e977e1ceb65755.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/2011523258f16b5440eeaeba21e977e1ceb65755.png) [<img src="https://images.seebug.org/upload/201511/20115238ad19a73266834078416631868102d731.png" alt="13.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20115238ad19a73266834078416631868102d731.png) ### 漏洞证明： 用友某系统通用漏洞涉及多家银行、证券、能源行业、企业 http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?__rpc=true http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?__rpc=true http://218.94.40.6:8080/hrss/dorado/smartweb2.RPC.d?__rpc=true http://career.sdebank.com/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.yxgroup.cc/hrss/dorado/smartweb2.RPC.d?__rpc=true http://hrzp.gzs.com.cn:9080/hrss/dorado/smartweb2.RPC.d?__rpc=true 1、中国海油招聘网 http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/201143313082fd9a657447d3ab1d6061dfb1a35a.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201143313082fd9a657447d3ab1d6061dfb1a35a.jpg) http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/20114416cd8a51c8aa4eeaaf39fcb52a2d613d9d.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20114416cd8a51c8aa4eeaaf39fcb52a2d613d9d.jpg) 2、湖北能源 http://nc.hbny.com.cn:9090/login.jsp [<img src="https://images.seebug.org/upload/201511/201146229d9458cfe65b8bb756e34d4fedfb3d1b.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201146229d9458cfe65b8bb756e34d4fedfb3d1b.png) http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/201147216cc4c00b13cdc317855d9700adf324c5.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201147216cc4c00b13cdc317855d9700adf324c5.png) 3、中冶集团 [<img src="https://images.seebug.org/upload/201511/20114825824f736a7c19464d00ed2db8ccde2073.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20114825824f736a7c19464d00ed2db8ccde2073.png) http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?__rpc=true [<img src="https://images.seebug.org/upload/201511/20114835133a388fe19d5a2c0cc439e26fd5a2b5.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20114835133a388fe19d5a2c0cc439e26fd5a2b5.png) 4、江苏省电力设计院 http://218.94.40.6:8080/hrss/rm/RmMain.jsp?dsName=ncdl [<img src="https://images.seebug.org/upload/201511/20114933cc7f17e0bdd87c6cfa9cd9d2a2de4742.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20114933cc7f17e0bdd87c6cfa9cd9d2a2de4742.png) [<img src="https://images.seebug.org/upload/201511/201149407869a37bc81e2e7dd09373ec81b2c658.png" alt="7.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/201149407869a37bc81e2e7dd09373ec81b2c658.png) 5、顺德农商银行 http://career.sdebank.com/hrss/rm/RmMain.jsp?dsName=sdns [<img src="https://images.seebug.org/upload/201511/2011503218f29879f4182e01a1c15e36ba07758d.png" alt="8.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/2011503218f29879f4182e01a1c15e36ba07758d.png) [<img src="https://images.seebug.org/upload/201511/2011503840f7ce60c8e5694b79adc093fefaa35a.png" alt="9.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/2011503840f7ce60c8e5694b79adc093fefaa35a.png) 6、涌鑫集团 http://nc.yxgroup.cc [<img src="https://images.seebug.org/upload/201511/2011513484a8ff13479c2d8dff6129a860f8e352.png" alt="10.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/2011513484a8ff13479c2d8dff6129a860f8e352.png) [<img src="https://images.seebug.org/upload/201511/20115140ca3b0cfb2173f75e512e49c9045f2309.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20115140ca3b0cfb2173f75e512e49c9045f2309.png) 7、广州证券 http://hrzp.gzs.com.cn:9080 [<img src="https://images.seebug.org/upload/201511/2011523258f16b5440eeaeba21e977e1ceb65755.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/2011523258f16b5440eeaeba21e977e1ceb65755.png) [<img src="https://images.seebug.org/upload/201511/20115238ad19a73266834078416631868102d731.png" alt="13.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/20115238ad19a73266834078416631868102d731.png)