Enviar #625553: https://www.qiyuesuo.com/ electronic signature platform <=4.34 RCEinformación

Títulohttps://www.qiyuesuo.com/ electronic signature platform <=4.34 RCE
DescripciónIn this exploit, the attacker used the platform's scheduled task feature to upload custom Java class files and bypassed the Runtime/Process blacklist detection mechanism by concatenating strings and using reflection. Ultimately, the attacker successfully executed system commands on the server side, completing remote command execution (RCE).
Fuente⚠️ https://github.com/nn0nkey/nn0nkey/blob/main/QYS/QYS_task.md
Usuario
 nn0nkey (UID 74287)
Sumisión2025-07-30 10:40 (hace 11 meses)
Moderación2025-08-08 22:26 (9 days later)
EstadoDuplicado
Entrada de VulDB319298 [Qiyuesuo Eelectronic Signature Platform hasta 4.34 Scheduled Task /api/code/upload execute Archivo escalada de privilegios]
Puntos0

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!