Submeter #625553: https://www.qiyuesuo.com/ electronic signature platform <=4.34 RCEinformação

Títulohttps://www.qiyuesuo.com/ electronic signature platform <=4.34 RCE
DescriçãoIn this exploit, the attacker used the platform's scheduled task feature to upload custom Java class files and bypassed the Runtime/Process blacklist detection mechanism by concatenating strings and using reflection. Ultimately, the attacker successfully executed system commands on the server side, completing remote command execution (RCE).
Fonte⚠️ https://github.com/nn0nkey/nn0nkey/blob/main/QYS/QYS_task.md
Utilizador
 nn0nkey (UID 74287)
Submissão30/07/2025 10h40 (há 11 meses)
Moderação08/08/2025 22h26 (9 days later)
EstadoDuplicado
Entrada VulDB319298 [Qiyuesuo Eelectronic Signature Platform até 4.34 Scheduled Task /api/code/upload execute Ficheiro Elevação de Privilégios]
Pontos0

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!