Reproducing the unauthorized-access vulnerability in a certain "X-yuan" OA
2021-01-10 15:04:44 Author: forum.90sec.com

In the last few days this vulnerability has come back from the dead. Advisories everywhere.

Alibaba Cloud

555

QiAnXin

666

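If you are going to reproduce it, then fine, reproduce it. But you mosaic everything out, so how are we newbies supposed to learn and improve?
Here is a high-definition, uncensored one for the reproduction.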

Seeyon (致远)

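When a new vulnerability comes out, don't be stingy about sharing. After all, it can already be defended against. Post the picture without the seed and ten thousand people will curse you.
URLs that can be used for the unauthorized-access vulnerability
Location: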
D:\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\cfgHome\base/systemProperties.xml

<not_need_logon>
    <navurl>/main.do</navurl>
    <navurl>/main.do?method=changeLocale</navurl>
    <navurl>^/main.do?method=login</navurl>
    <navurl>^/main.do?method=headerjs</navurl>
    <navurl>/main.do?method=main</navurl>
    <navurl>/main.do?method=showAbout</navurl>
    <navurl>^/main.do?method=logout</navurl>
    <navurl>^/genericController.do</navurl>
    <navurl>^/autoinstall.do</navurl>
    <navurl>^/identification.do?method=getSessionId</navurl>
    <navurl>^/thirdpartyController.do</navurl>
    <navurl>^/form/formUpgrade.do</navurl>
    <navurl>^/uploadService.do?method=processUploadService</navurl>
    <navurl>^/a8genius.do~session=false</navurl>
    <navurl>^/uc/chat.do~session=false</navurl>
    <navurl>^/fileUpload.do?method=showRTE~session=false</navurl>
    <navurl>^/commonimage.do?method=showImage</navurl>
    <navurl>mProfileManager.getProfile</navurl>
    <navurl>mLoginManager.transLogin</navurl>
    <navurl>mMessageManager.getPushMessageList</navurl>
    <navurl>mBindApplyManager.bindApplyByUser</navurl>
    <navurl>mProductManager.productStatus</navurl>
    <navurl>mProductManager.productInfo</navurl>
    <navurl>mMOneProfileManager.getUpdateServerInfo</navurl>
    <navurl>mMOneProfileManager.getOAProfile</navurl>
    <navurl>mMessageManager.getConfig</navurl>
    <navurl>portalManager.smsLoginEnabled</navurl>
    <navurl>portalManager.sendSMSLoginCode</navurl>
    <navurl>weixinLoginManager.isLogin</navurl>
    <navurl>^/seeyonReport/checkReportController.do</navurl>
    <navurl>^/personalBind.do</navurl>
    <navurl>/individualManager.do?method=resetPasswordNologin</navurl>
    <navurl>configManager.getConfigValue</navurl>
</not_need_logon>
/main.do
/main.do?method=changeLocale
/main.do?method=login
/main.do?method=headerjs
/main.do?method=main
/main.do?method=showAbout
/main.do?method=logout
/genericController.do
/autoinstall.do
/identification.do?method=getSessionId
/thirdpartyController.do
/form/formUpgrade.do
/uploadService.do?method=processUploadService
/a8genius.do~session=false
/uc/chat.do~session=false
/fileUpload.do?method=showRTE~session=false
/commonimage.do?method=showImage
mProfileManager.getProfile
mLoginManager.transLogin
mMessageManager.getPushMessageList
mBindApplyManager.bindApplyByUser
mProductManager.productStatus
mProductManager.productInfo
mMOneProfileManager.getUpdateServerInfo
mMOneProfileManager.getOAProfile
mMessageManager.getConfig
portalManager.smsLoginEnabled
portalManager.sendSMSLoginCode
weixinLoginManager.isLogin
/seeyonReport/checkReportController.do
/personalBind.do
/individualManager.do?method=resetPasswordNologin
configManager.getConfigValue

Source: https://forum.90sec.com/t/topic/1513/1
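
An added example, not part of the original post or of the product's code: it parses a `<not_need_logon>` block like the one above and reports login-exempt entries that are missing from a reviewed baseline, so additions to the list get noticed during a configuration audit. The `BASELINE` set, the function names and the kind labels are assumptions of this example, and entries are classified by their syntax only.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: five entries copied from the <not_need_logon> block on this page.
SAMPLE = """<not_need_logon>
    <navurl>/main.do?method=showAbout</navurl>
    <navurl>^/thirdpartyController.do</navurl>
    <navurl>^/fileUpload.do?method=showRTE~session=false</navurl>
    <navurl>^/uploadService.do?method=processUploadService</navurl>
    <navurl>configManager.getConfigValue</navurl>
</not_need_logon>"""

# Hypothetical baseline: entries an administrator has already reviewed and accepted.
BASELINE = {"/main.do?method=showAbout",
            "^/fileUpload.do?method=showRTE~session=false"}


def classify(entry):
    """Describe one entry by its syntax only; no product semantics are assumed."""
    body, _, flag = entry.lstrip("^").partition("~")
    if not body.startswith("/"):
        # Form "someManager.someMethod" rather than a URL path.
        return {"entry": entry, "kind": "manager-method",
                "method": body.partition(".")[2], "flag": None}
    method = parse_qs(urlsplit(body).query).get("method", [None])[0]
    kind = "url-with-method" if method else "url-without-method"
    return {"entry": entry, "kind": kind, "method": method, "flag": flag or None}


def login_exempt_entries(xml_text):
    """Return every <navurl> value found under a <not_need_logon> element."""
    root = ET.fromstring(xml_text)
    # Element.iter() includes the root itself, so a bare block also works.
    return [(n.text or "").strip()
            for block in root.iter("not_need_logon")
            for n in block.iter("navurl")]


def unreviewed(xml_text, baseline):
    """Entries present in the config but absent from the reviewed baseline."""
    return [classify(e) for e in login_exempt_entries(xml_text) if e not in baseline]


if __name__ == "__main__":
    for item in unreviewed(SAMPLE, BASELINE):
        print(f'{item["kind"]:20} {item["entry"]}')
```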