Create Weaver_ecology_XmlRpcServlet_Path_File_Read_Vulnerability.md

Goby 2023-09-07 22:41:21 +08:00 committed by GitHub
parent 1b2db7aeae
commit d5a7b33a36
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,12 @@
## Weaver ecology XmlRpcServlet Path File Read Vulnerability
| **Vulnerability** | **Weaver ecology XmlRpcServlet Path File Read Vulnerability** |
| :----: | :-----|
| **Chinese name** | 泛微 e-cology XmlRpcServlet 接口文件读取漏洞 |
| **CVSS core** | 7.8 |
| **FOFA Query** (click to view the results directly)| [((body="szFeatures" && body="redirectUrl") \|\| (body="rndData" && body="isdx") \|\| (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") \|\| body="/theme/ecology8/jquery/js/zDialog_wev8.js" \|\| body="ecology8/lang/weaver_lang_7_wev8.js" \|\| body="src=\"/js/jquery/jquery_wev8.js" \|\| (header="Server: WVS" && (title!="404 Not Found" && header!="404 Not Found"))) && header!="testBanCookie" && header!="Couchdb" && header!="JoomlaWor" && body!="<title>28ZE</title>"](https://en.fofa.info/result?qbase64=KChib2R5PSJzekZlYXR1cmVzIiAmJiBib2R5PSJyZWRpcmVjdFVybCIpIHx8IChib2R5PSJybmREYXRhIiAmJiBib2R5PSJpc2R4IikgfHwgKGJvZHk9InR5cGVvZiBwb3BwZWRXaW5kb3ciICYmIGJvZHk9ImNsaWVudC9qcXVlcnkuY2xpZW50X3dldjguanMiKSB8fCBib2R5PSIvdGhlbWUvZWNvbG9neTgvanF1ZXJ5L2pzL3pEaWFsb2dfd2V2OC5qcyIgfHwgYm9keT0iZWNvbG9neTgvbGFuZy93ZWF2ZXJfbGFuZ183X3dldjguanMiIHx8IGJvZHk9InNyYz1cIi9qcy9qcXVlcnkvanF1ZXJ5X3dldjguanMiIHx8IChoZWFkZXI9IlNlcnZlcjogV1ZTIiAmJiAodGl0bGUhPSI0MDQgTm90IEZvdW5kIiAmJiBoZWFkZXIhPSI0MDQgTm90IEZvdW5kIikpKSAmJiBoZWFkZXIhPSJ0ZXN0QmFuQ29va2llIiAmJiBoZWFkZXIhPSJDb3VjaGRiIiAmJiBoZWFkZXIhPSJKb29tbGFXb3IiICYmIGJvZHkhPSI8dGl0bGU%2BMjhaRTwvdGl0bGU%2BIg%3D%3D) |
| **Number of assets affected** | 111321 |
| **Description** | Weaver e-cology is an OA office system specifically designed for large and medium-sized enterprises, supporting simultaneous work on PC, mobile, and WeChat platforms.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website. |
| **Impact** | Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website. |
![](https://s3.bmp.ovh/imgs/2023/09/07/af06beef9479a1c1.gif)
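
Review bot: The Description row repeats the Impact row word for word, and inside that sentence "database configuration files" is listed twice ("such as database configuration files, system configuration files), database configuration files, etc."); keep the product summary in Description and leave the consequence to the Impact row. "CVSS core" in the first column reads like a typo for "CVSS score", and a space is missing after "platforms." in the Description cell. The entry also names no affected versions, no vendor advisory or patch reference, and no mitigation, so a defender cannot tell from this file whether a deployment is exposed or what to do about it; add rows for those. The closing image has empty alt text and is loaded from a third-party image host, so the file itself carries no description of what the GIF shows; add alt text and consider storing the image in the repository.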