用友某软件存在通用XXE漏洞

### 简要描述： ### 详细说明： 1.民生证券 http://**.**.**.**/uapws/ [<img src="https://images.seebug.org/upload/201601/200959349c3a44acc3e242c9b2d455dd416569fe.jpg" alt="Snap331.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201601/200959349c3a44acc3e242c9b2d455dd416569fe.jpg) [<img src="https://images.seebug.org/upload/201601/200959422139a96b8903b7273200e50e815348b3.jpg" alt="Snap333.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201601/200959422139a96b8903b7273200e50e815348b3.jpg) 抓包 ``` POST /uapws/soapFormat.ajax HTTP/1.1 Host: **.**.**.** User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: http://**.**.**.**/uapws/ Content-Length: 384 Cookie: JSESSIONID=D9A66C6E1C99D59B42D690082C39E02D.server; SaveStateCookie=Server%2Cuap%2Cnc.itf.ses.DataPowerService%2Cnc.itf.ses.DataPowerService%3ADataPowerServicePortType%2Cnc.pubitf.rbac.IUserPubServiceWS%2Cnc.pubitf.rbac.IUserPubServiceWS%3AIUserPubServiceWSPortType%2Cnc.uap.oba.update.IUpdateService%2Cnc.uap.oba.update.IUpdateService%3AIUpdateServicePortType; JSESSIONID=8631851994940C5860B6144F6C85C7DE.server Connection: keep-alive msg=********* ``` msg的内容我们替换一下 [<img src="https://images.seebug.org/upload/201601/20100157959ec80dee5a01a79341121fdb269ead.jpg" alt="Snap334.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201601/20100157959ec80dee5a01a79341121fdb269ead.jpg) view-source:http://**.**.**.**/index.jsp 项目目录 [<img src="https://images.seebug.org/upload/201601/20100341db7e42bc50a4c30dac0b25a51299758e.jpg" alt="Snap335.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201601/20100341db7e42bc50a4c30dac0b25a51299758e.jpg) ### 漏洞证明： 2.中国建筑工程总公司 http://**.**.**.** [<img src="https://images.seebug.org/upload/201601/2010273056e7f6aef0d1f066eeaa0d913c2decd1.jpg" alt="Snap340.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201601/2010273056e7f6aef0d1f066eeaa0d913c2decd1.jpg) 3.**.**.**.**:9001/uapws/ [<img src="https://images.seebug.org/upload/201601/20102605b38018d2cd22a41e070b8acaf019e373.jpg" alt="Snap339.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201601/20102605b38018d2cd22a41e070b8acaf019e373.jpg) 4.好药网 http://**.**.**.**:8080/uapws/ [<img src="https://images.seebug.org/upload/201601/20102538336f72536ef55a7db6e4573cef20c133.jpg" alt="Snap338.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201601/20102538336f72536ef55a7db6e4573cef20c133.jpg) 5.http://**.**.**.**/uapws/ [<img src="https://images.seebug.org/upload/201601/2010303510404103948efdca122e4906d7fc69a4.jpg" alt="Snap341.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201601/2010303510404103948efdca122e4906d7fc69a4.jpg)