### 简要描述: 用友自带技能。 ### 详细说明: 漏洞描述: 测试的时候发现使用yongyou nc的目录下有uapws/目录。百度百科。 [<img src="https://images.seebug.org/upload/201509/3018315026ad0864a4a7316f9cae39a3e65a04b3.png" alt="QQ20150930-1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/3018315026ad0864a4a7316f9cae39a3e65a04b3.png) 打开后。自带登录模式,密码直接给你准备好了,登录就行了。好有爱。 [<img src="https://images.seebug.org/upload/201509/30183215a00940fe9bee7f567169ba3f89bcc8bf.png" alt="QQ20150930-2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/30183215a00940fe9bee7f567169ba3f89bcc8bf.png) 找个接口,先提交请求。然后进行format the response(在这里抓包) [<img src="https://images.seebug.org/upload/201509/30183242fa6a90385d49d32745d372210e59299c.png" alt="QQ20150930-3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/30183242fa6a90385d49d32745d372210e59299c.png) xxe漏洞 [<img...
### 简要描述: 用友自带技能。 ### 详细说明: 漏洞描述: 测试的时候发现使用yongyou nc的目录下有uapws/目录。百度百科。 [<img src="https://images.seebug.org/upload/201509/3018315026ad0864a4a7316f9cae39a3e65a04b3.png" alt="QQ20150930-1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/3018315026ad0864a4a7316f9cae39a3e65a04b3.png) 打开后。自带登录模式,密码直接给你准备好了,登录就行了。好有爱。 [<img src="https://images.seebug.org/upload/201509/30183215a00940fe9bee7f567169ba3f89bcc8bf.png" alt="QQ20150930-2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/30183215a00940fe9bee7f567169ba3f89bcc8bf.png) 找个接口,先提交请求。然后进行format the response(在这里抓包) [<img src="https://images.seebug.org/upload/201509/30183242fa6a90385d49d32745d372210e59299c.png" alt="QQ20150930-3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/30183242fa6a90385d49d32745d372210e59299c.png) xxe漏洞 [<img src="https://images.seebug.org/upload/201509/30183326564aa767962a5c88162a660aa248dc5e.png" alt="QQ20150930-5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/30183326564aa767962a5c88162a660aa248dc5e.png) ### 漏洞证明: 高清无码 [<img src="https://images.seebug.org/upload/201509/301834010d7b0d90e830d78290493a8fee97400c.png" alt="QQ20150930-6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/301834010d7b0d90e830d78290493a8fee97400c.png) [<img src="https://images.seebug.org/upload/201509/301834122e1c8e1b668b136d790ab841d8ff788a.png" alt="QQ20150930-7.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/301834122e1c8e1b668b136d790ab841d8ff788a.png)