Panavision.
e-cology workrelate_uploadOperation.jsp-RCE (default write to IceScorpion 4.0.3aes)
e-cology page_uploadOperation.jsp-RCE (no case found yet, just for poc detection)
e-cology BshServlet-RCE (can execute system commands directly)
e-cology KtreeUploadAction-RCE (default write to IceScorpion 4.0.3aes)
e-cology WorkflowServiceXml-RCE (default write to Memory Horse IceScorpion 3.0 beta11)
e-office logo_UploadFile.php-RCE (default write to IceScorpion 4.0.3aes)
e-office10 OfficeServer.php-RCE (default write to IceScorpion 4.0.3aes)
e-office doexecl.php-RCE (Write phpinfo, getshell required, please utilize by yourself)
e-mobile_6.6 messageType.do-SQlli (sqlmap utilization, no direct shell exp for now)
BlueLine:
landray_datajson-RCE (direct system command execution)
landray_treexmlTmpl-RCE (can directly execute system commands)
landray_sysSearchMain-RCE (multiple payloads, write to Godzilla 3.03 password yes)
Users.
yongyou_chajet_RCE (UFIDA T+ rce default write to Godzilla Cshap/Cshap_aes_base64)
yongyou_NC_FileReceiveServlet-RCE deserialization rce (default write to IceScorpion 4.0.3aes)
yongyou_NC_bsh.servlet.BshServlet_RCE (can execute system commands directly)
yongyou_NC_NCFindWeb Directory Traversal Vulnerability (See if a legacy webshell exists)
yongyou_GRP_UploadFileData-RCE (default write to IceScorpion 4.0.3aes)
yongyou_KSOA_imageUpload-RCE (default write to IceScorpion 4.0.3aes)
wanhuoa:
wanhuoa_OfficeServer-RCE (default write to IceScorpion 4.0.3aes)
wanhuoa_OfficeServer-RCE(default write Godzilla 4.0.1 jsp aes default password key)
wanhuoa_DocumentEdit-SQlli(mssql database available os-shell)
wanhuoa_OfficeServerservlet-RCE(Write IceScorpion 4.0.3 aes by default)
wanhuoa_fileUploadController-RCE (default write to IceScorpion 4.0.3aes)
To Far:
seeyonoa_main_log4j2-RCE (only support detection, turn on ladp service utilization by yourself)
seeyonoa_wpsAssistServlet-RCE (default write to IceScorpion 4.0.3aes)
seeyonoa_htmlofficeservlet-RCE (default write to IceScorpion 4.0.3aes)
seeyonoa_ajaxBypass-RCE(write scorpion password sky)
Tongdaoa.
tongdaoa_getdata-RCE (direct execution of system commands)
tongdaoa_APIali-RCE (default write to Scorpion 4.0.3aes)
Middleware: IIS_PUT_RCE
IIS_PUT_RCE (emm can’t getshell at the moment, only supports detecting java without M)
What do you think?
It is nice to know your opinion. Leave a comment.