漏洞描述
深圳市顶讯网络科技有限公司旗下易宝OA是一款功能非常全面的移动办公软件,易宝OA 存在未授权接口导致token泄露
易宝OA 存在token泄露
PoC代码
暂无相关漏洞推荐
- 易宝OA-StockTake/IsPartNumber-存在SQL注入漏洞
- 易宝OA /SmartTradeScan/StockTake/IsPartNumber SQL 注入漏洞
- POC 易宝OA api/system/ExecuteQueryNoneResult SQL 注入漏洞
- 易宝OA系统 getPosition SQL注入漏洞
- U8+渠道管理(高级版) gettoken_new SQL注入漏洞
- POC k8s-apiserver-token-auth-file: Detect kube-apiserver --token-auth-file usage
- POC nacos-token-create-user: Nacos 默认密钥创建用户
- POC seeyon-m1-usertokenservice-rce: 致远OA M1 server 反序列化命令执行漏洞
- POC xxl-job-default-token-bypass-rce: XXL-JOB 默认 accessToken 身份绕过漏洞
- POC yibao-oa-executesqlforsingle-sqli: 易宝OA系统ExecuteSqlForSingle接口存在SQL注入
- POC file-enforce-server-tokens-prod: Enforce Apache2 ServerTokens Prod
- POC file-disable-nginx-server-tokens: Disbale Nginx Server Tokens
- POC amazon-mws-auth-token-value: Amazon MWS Authentication Token - Detect