|用友某重要站点Padding Oracle Vulnerability漏洞可登陆内部系统

用友某重要站点Padding Oracle Vulnerability漏洞可登陆内部系统

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述：用友某重点站点Padding Oracle Vulnerability漏洞，泄露某员工账号，可登录包括邮箱、采购等系统,可作为跳板，严重威胁内网 ### 详细说明：通过burp抓包可越权访问http://i.yonyou.com,造成信息泄露 [<img src="https://images.seebug.org/upload/201605/31011549b92a2651c5733eb6985bf6a3e7ba1003.png" alt="8.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31011549b92a2651c5733eb6985bf6a3e7ba1003.png) 利用获取的邮箱，进行找回密码操作，在找回密码第二部页面，存在Padding Oracle Vulnerability漏洞，可以获取敏感信息 [<img src="https://images.seebug.org/upload/201605/310117414ef19578d9cdf9ae062665313246de79.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/310117414ef19578d9cdf9ae062665313246de79.png) [<img src="https://images.seebug.org/upload/201605/31011753faaf5b5ced6cb22e286bcd8e13d52b77.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31011753faaf5b5ced6cb22e286bcd8e13d52b77.png) 利用获取到的敏感信息登录邮箱，mail.yonyou.com也能登录 [<img src="https://images.seebug.org/upload/201605/31012037d77cc9a2d2548bd8134096f8f1aa6b94.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31012037d77cc9a2d2548bd8134096f8f1aa6b94.png) 采购系统 [<img src="https://images.seebug.org/upload/201605/3101213564b54b54783a841a6f3850aa29429da2.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/3101213564b54b54783a841a6f3850aa29429da2.png) 其他系统 [<img src="https://images.seebug.org/upload/201605/31012223c02232e4f74800ce507e5de288020cad.png" alt="7.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31012223c02232e4f74800ce507e5de288020cad.png) [<img src="https://images.seebug.org/upload/201605/310122351dc3d12ab28a1f314c25d3eed088ea56.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/310122351dc3d12ab28a1f314c25d3eed088ea56.png) [<img src="https://images.seebug.org/upload/201605/31012255a6a6572ac08728b4d2dcd9904d9caaa3.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31012255a6a6572ac08728b4d2dcd9904d9caaa3.png) [<img src="https://images.seebug.org/upload/201605/31012329b0a89eb35f735b9404dc853fd605cb88.png" alt="14.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31012329b0a89eb35f735b9404dc853fd605cb88.png) ### 漏洞证明：通过burp抓包可越权访问http://i.yonyou.com,造成信息泄露 [<img src="https://images.seebug.org/upload/201605/31011549b92a2651c5733eb6985bf6a3e7ba1003.png" alt="8.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31011549b92a2651c5733eb6985bf6a3e7ba1003.png) 利用获取的邮箱，进行找回密码操作，在找回密码第二部页面，存在Padding Oracle Vulnerability漏洞，可以获取敏感信息 [<img src="https://images.seebug.org/upload/201605/310117414ef19578d9cdf9ae062665313246de79.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/310117414ef19578d9cdf9ae062665313246de79.png) [<img src="https://images.seebug.org/upload/201605/31011753faaf5b5ced6cb22e286bcd8e13d52b77.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31011753faaf5b5ced6cb22e286bcd8e13d52b77.png) 利用获取到的敏感信息登录邮箱，mail.yonyou.com也能登录 [<img src="https://images.seebug.org/upload/201605/31012037d77cc9a2d2548bd8134096f8f1aa6b94.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31012037d77cc9a2d2548bd8134096f8f1aa6b94.png) 采购系统 [<img src="https://images.seebug.org/upload/201605/3101213564b54b54783a841a6f3850aa29429da2.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/3101213564b54b54783a841a6f3850aa29429da2.png) 其他系统 [<img src="https://images.seebug.org/upload/201605/31012223c02232e4f74800ce507e5de288020cad.png" alt="7.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31012223c02232e4f74800ce507e5de288020cad.png) [<img src="https://images.seebug.org/upload/201605/310122351dc3d12ab28a1f314c25d3eed088ea56.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/310122351dc3d12ab28a1f314c25d3eed088ea56.png) [<img src="https://images.seebug.org/upload/201605/31012255a6a6572ac08728b4d2dcd9904d9caaa3.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31012255a6a6572ac08728b4d2dcd9904d9caaa3.png) [<img src="https://images.seebug.org/upload/201605/31012329b0a89eb35f735b9404dc853fd605cb88.png" alt="14.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201605/31012329b0a89eb35f735b9404dc853fd605cb88.png)

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™