Invia #625553: https://www.qiyuesuo.com/ electronic signature platform <=4.34 RCEinformazioni

Titolohttps://www.qiyuesuo.com/ electronic signature platform <=4.34 RCE
DescrizioneIn this exploit, the attacker used the platform's scheduled task feature to upload custom Java class files and bypassed the Runtime/Process blacklist detection mechanism by concatenating strings and using reflection. Ultimately, the attacker successfully executed system commands on the server side, completing remote command execution (RCE).
Fonte⚠️ https://github.com/nn0nkey/nn0nkey/blob/main/QYS/QYS_task.md
Utente
 nn0nkey (UID 74287)
Sottomissione30/07/2025 10:40 (11 mesi fa)
Moderazione08/08/2025 22:26 (9 days later)
StatoDuplicato
Voce VulDB319298 [Qiyuesuo Eelectronic Signature Platform fino a 4.34 Scheduled Task /api/code/upload execute File escalationi di privilegi]
Punti0

PrecedenteVisione D'ensembleIl prossimo

Want to know what is going to be exploited?

We predict KEV entries!