Yonyou U9 Unauthenticated File Upload Scanner
Detects 'Unauthenticated File Upload' vulnerability in Yonyou U9.
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 19 days 14 hours
Scan only one: Domain, Subdomain, IPv4
The Yonyou U9 is an integrated enterprise management software solution frequently adopted by businesses to streamline their operational processes. It is primarily utilized across various industries, including manufacturing, trading, and service sectors, to manage tasks like accounting, inventory, and production management. The software provides extensive features to meet the diverse requirements of these enterprises. Primarily used by medium to large-sized businesses, it optimizes different business operations and enhances productivity. Users rely on Yonyou U9 for critical enterprise resource planning functions, making it a fundamental part of their IT infrastructure. Its robust modules support the seamless integration of business processes and data.
The vulnerability in Yonyou U9 allows unauthenticated attackers to abuse the file upload feature. The weakness permits the upload of malicious files, which could lead to remote code execution, making it a critical security risk. It stems from insufficient checks on file uploads within the PatchFile.asmx interface. Because the interface is reachable without authentication, attackers can exploit it without presenting any credentials. The control an attacker gains this way leads to further security issues: successful exploitation can compromise the integrity, confidentiality, and availability of data within Yonyou U9.
Technically, the vulnerability resides in the way Yonyou U9 handles file uploads through the PatchFile.asmx endpoint. Attackers can send a specially crafted HTTP POST request to this endpoint to upload files. The SOAPAction header in the request targets the SaveFile operation, which allows unverified files to be uploaded to the server. The scanner's matchers verify that the file exists by checking for specific indicators in the returned HTTP body. Exploitation requires no authentication, which raises the risk level because the attack is easy to carry out.
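For asset owners who want to check their own web server logs for the request described above, the following added example (not part of the scanner or of Yonyou's code) reads IIS W3C logs and lists POST requests to PatchFile.asmx that carry no authenticated user. The log excerpt, its paths and addresses are constructed, and the assumption that the server writes W3C-format logs with these fields is ours.

```python
import io

# Endpoint name from the description above; its directory is not given on the
# page, so requests are matched on the file name only.
ENDPOINT = "patchfile.asmx"

# Constructed IIS W3C log excerpt (paths, users, addresses and times are made up).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-10 08:00:01 GET /example/Default.aspx alice 192.0.2.10 200
2024-01-10 08:00:05 POST /example/PatchFile.asmx - 198.51.100.7 200
2024-01-10 08:00:09 POST /example/patchfile.ASMX - 198.51.100.7 500
2024-01-10 08:01:00 GET /example/PatchFile.asmx - 192.0.2.10 200
2024-01-10 08:02:00 POST /example/PatchFile.asmx svc-update 192.0.2.20 200
"""

def parse_w3c(stream):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in stream:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # field order varies per server
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_unauthenticated_uploads(stream):
    """Return POSTs to PatchFile.asmx logged without a user name."""
    hits = []
    for row in parse_w3c(stream):
        name = row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1]
        if (row.get("cs-method", "").upper() == "POST"
                and name == ENDPOINT
                and row.get("cs-username", "-") == "-"):
            status = row.get("sc-status", "")
            # A status below 400 means the server accepted the request.
            accepted = status.isdigit() and int(status) < 400
            row["priority"] = "high" if accepted else "review"
            hits.append(row)
    return hits

if __name__ == "__main__":
    for hit in find_unauthenticated_uploads(io.StringIO(SAMPLE_LOG)):
        print(hit["priority"], hit["date"], hit["time"], hit["c-ip"],
              hit["cs-uri-stem"], hit["sc-status"])
```

The SOAPAction header is not among the default W3C log fields, so this check cannot tell SaveFile calls from other operations on the endpoint; treat every hit as a lead and look for files written to the web root around the same time.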
When this vulnerability is exploited by malicious actors, it can lead to severe impacts such as unauthorized file execution and data breaches. Attackers may gain the ability to execute arbitrary code on the server, potentially leading to a complete system compromise. Controlling the server could allow adversaries to manipulate or steal sensitive data, inject malicious code, or disrupt normal business operations. This makes the vulnerability particularly dangerous, especially in environments where sensitive enterprise data is handled by Yonyou U9.