From 496b8f43d90174df66242848cae449d457fc5f4c Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Fri, 14 Jul 2023 11:10:49 +0800 Subject: [PATCH] Create RSeeyou-OA_wpsAssistServlet_templateUrl_Arbitrary_File_Read_Vulnerability.md add RSeeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability --- ..._templateUrl_Arbitrary_File_Read_Vulnerability.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 RSeeyou-OA_wpsAssistServlet_templateUrl_Arbitrary_File_Read_Vulnerability.md diff --git a/RSeeyou-OA_wpsAssistServlet_templateUrl_Arbitrary_File_Read_Vulnerability.md b/RSeeyou-OA_wpsAssistServlet_templateUrl_Arbitrary_File_Read_Vulnerability.md new file mode 100644 index 0000000..fe1d8f5 --- /dev/null +++ b/RSeeyou-OA_wpsAssistServlet_templateUrl_Arbitrary_File_Read_Vulnerability.md 
@@ -0,0 +1,12 @@ +## RSeeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability + +| **Vulnerability** | **Seeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability** | +| :----: | :-----| +| **Chinese name** | 致远互联-OA wpsAssistServlet 文件 templateUrl 参数任意文件读取漏洞 | +| **CVSS core** | 7.5 | +| **FOFA Query** (click to view the results directly)| [body="/seeyon/USER-DATA/IMAGES/LOGIN/login.gif" \|\| title="用友致远A" \|\| (body="/yyoa/" && body!="本站内容均采集于") \|\| header="path=/yyoa" \|\| server=="SY8044" \|\| (body="A6-V5企业版" && body="seeyon" && body="seeyonProductId") \|\| (body="/seeyon/common/" && body="var _ctxpath = '/seeyon'") \|\| (body="A8-V5企业版" && body="/seeyon/") \|\| banner="Server: SY8044"](https://en.fofa.info/result?qbase64=Ym9keT0iL3NlZXlvbi9VU0VSLURBVEEvSU1BR0VTL0xPR0lOL2xvZ2luLmdpZiIgfHwgdGl0bGU9IueUqOWPi%2BiHtOi%2FnEEiIHx8IChib2R5PSIveXlvYS8iICYmIGJvZHkhPSLmnKznq5nlhoXlrrnlnYfph4fpm4bkuo4iKSB8fCBoZWFkZXI9InBhdGg9L3l5b2EiIHx8IHNlcnZlcj09IlNZODA0NCIgfHwgKGJvZHk9IkE2LVY15LyB5Lia54mIIiAmJiBib2R5PSJzZWV5b24iICYmIGJvZHk9InNlZXlvblByb2R1Y3RJZCIpIHx8IChib2R5PSIvc2VleW9uL2NvbW1vbi8iICYmIGJvZHk9InZhciBfY3R4cGF0aCA9ICcvc2VleW9uJyIpIHx8IChib2R5PSJBOC1WNeS8geS4mueJiCIgJiYgYm9keT0iL3NlZXlvbi8iKSB8fCBiYW5uZXI9IlNlcnZlcjogU1k4MDQ0Ig%3D%3D) | +| **Number of assets affected** | 53406 | +| **Description** | Seeyou-OA is a collaborative office software that digitally builds the digital collaborative operation platform of enterprises and provides one-stop big data analysis solutions for various business scenarios of enterprises.Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system. | +| **Impact** | Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system. | + +![](https://s3.bmp.ovh/imgs/2023/07/14/033b7613462dfe6a.gif)
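Review bot: the product name is spelled inconsistently. The heading on the first added line and the new file name both read "RSeeyou-OA", while the table rows read "Seeyou-OA" and the FOFA query in the same table matches on "/seeyon/" and "seeyonProductId". Please pick one spelling (the query strings suggest "Seeyon") and use it in the file name, the heading and the table, since a stray "R" in the file name will make the entry hard to find by search. In the table, "CVSS core" should read "CVSS score". The Impact row repeats the second sentence of the Description row word for word, so one of them can carry something distinct, and the Description is missing a space after "enterprises." The entry also gives no affected versions, no vendor advisory or patch reference and no mitigation row, which is what a defender triaging the 53406 listed assets would look for first. Consider adding those rows. The trailing image has empty alt text. A short caption saying what the GIF shows would keep the entry useful if the externally hosted file disappears.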