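# Yonyou NC bsh.servlet.BshServlet Remote Command Execution Vulnerability

### Vulnerability Description <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

Yonyou NC's bsh.servlet.BshServlet has a remote command execution vulnerability: remote commands can be executed through BeanShell to gain control of the server.

### Affected Products <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

Yonyou NC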

### FOFA <a href="#fofa" id="fofa"></a>

```
icon_hash="1085941792"
```

### Vulnerability Reproduction <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

The page looks like this when accessed:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm88_yILyjjHqBUpJS%2F-Mhm9kozq2uVKlU9td4o%2Fimage.png?alt=media\&token=1e57ac52-c3c8-4ed0-b8bc-de060b2f84f3)

The vulnerable URL is:

```
/servlet/~ic/bsh.servlet.BshServlet
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhm88_yILyjjHqBUpJS%2F-Mhm9sDdWKW1rcs5YobZ%2Fimage.png?alt=media\&token=b43cb566-fa89-44ce-8dd8-6a94edbe5221)
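To check whether the URL above has been requested on your own NC server, the following scans web access logs for it. This is an added example, not part of the original page or any Yonyou tooling. It assumes Apache/Nginx "combined" log lines, the function names and sample lines are constructed for illustration, and it generalizes from the exact `/servlet/~ic/` prefix to any path naming the servlet class.

```python
import re
from urllib.parse import unquote

# Assumption: access logs use the Apache/Nginx "combined" layout.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Match the servlet class name, case-insensitively, anywhere in the path.
MARKER = "bsh.servlet.bshservlet"

def normalize(target, rounds=3):
    """Drop the query string, then percent-decode until stable and lowercase."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()

def find_bsh_hits(lines):
    """Return one record per request whose normalized path names BshServlet."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if MARKER in path:
            hits.append({
                "ip": m["ip"], "time": m["ts"], "method": m["method"],
                "path": path,
                # Heuristic (assumption): a 200 means the servlet answered.
                "served": m["status"] == "200",
            })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Aug/2021:10:01:02 +0800] "GET /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1" 200 1523',
    '203.0.113.7 - - [12/Aug/2021:10:01:09 +0800] "POST /servlet/%7Eic/bsh.servlet.BshServlet HTTP/1.1" 200 2048',
    '198.51.100.9 - - [12/Aug/2021:10:05:00 +0800] "GET /servlet/%257Eic/BSH.servlet.bshservlet?a=1 HTTP/1.1" 404 310',
    '198.51.100.20 - - [12/Aug/2021:10:06:00 +0800] "GET /index.jsp HTTP/1.1" 200 900',
    '198.51.100.20 - - [12/Aug/2021:10:06:05 +0800] "GET /search?q=bsh.servlet.BshServlet HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in find_bsh_hits(SAMPLE_LOG):
        print(hit)
```

Records with `served` set to true indicate the servlet is reachable from the requesting address and should be prioritized for review.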
