|致远某内部系统存在大量弱口令 - VULHUB开源网络安全威胁库

致远某内部系统存在大量弱口令

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述： ### 详细说明： http://seeyonqd.seeyon.com/seeyon/index.jsp [<img src="https://images.seebug.org/upload/201602/16123451793c3283c3abc5e2460a00b753ab2e6f.jpg" alt="Snap13.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/16123451793c3283c3abc5e2460a00b753ab2e6f.jpg) http://seeyonqd.seeyon.com//seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=true&RVT=XML&P_1_String=admin&P_2_String=wy [<img src="https://images.seebug.org/upload/201602/161235173a05c231fd9b78df48d7de103f19e779.jpg" alt="Snap14.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/161235173a05c231fd9b78df48d7de103f19e779.jpg) ### 漏洞证明：抓包密码采用123456 加载字典 ``` GET //seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=true&RVT=XML&P_1_String=§admin§&P_2_String=123456 HTTP/1.1 Host: seeyonqd.seeyon.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:44.0) Gecko/20100101 Firefox/44.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Cookie: Hm_lvt_49c0fa7f96aa0a5fb95c62909d5190a6=1448947722,1450778648; _pzfxuvpc=1448947722817%7C2030227237365975657%7C3%7C1450778652617%7C2%7C1039825726131986263%7C1227968928834029449 X-Forwarded-For: 8.8.8.8 Connection: keep-alive ``` [<img src="https://images.seebug.org/upload/201602/16123637ddc7ca706f7a883571ac930aaf35cd5c.jpg" alt="Snap15.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/16123637ddc7ca706f7a883571ac930aaf35cd5c.jpg) [<img src="https://images.seebug.org/upload/201602/16124330e02999adec0792d9d240cbccc01ac9c4.jpg" alt="Snap16.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/16124330e02999adec0792d9d240cbccc01ac9c4.jpg) 使用chengl 密码123456登录竟然提示无效的用户名或密码但是换个密码提示 [<img src="https://images.seebug.org/upload/201602/16124339f2a42a58221a111b608459c0e33f8dd1.jpg" alt="Snap17.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/16124339f2a42a58221a111b608459c0e33f8dd1.jpg) 说明这个账号密码正确但是无法登录换一个 zw 密码123456 [<img src="https://images.seebug.org/upload/201602/16124348df624fa8104a21ce2e03dade5181fcc6.jpg" alt="Snap18.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/16124348df624fa8104a21ce2e03dade5181fcc6.jpg) [<img src="https://images.seebug.org/upload/201602/161243580ccb3e73fec418829f6bd8f7fefd68cd.jpg" alt="Snap19.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/161243580ccb3e73fec418829f6bd8f7fefd68cd.jpg) [<img src="https://images.seebug.org/upload/201602/16124407e2c2e96e9b922790218ac2670277b2f7.jpg" alt="Snap20.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/16124407e2c2e96e9b922790218ac2670277b2f7.jpg) [<img src="https://images.seebug.org/upload/201602/16124318dda216e05fb487129cc16714e5ccc402.jpg" alt="Snap21.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201602/16124318dda216e05fb487129cc16714e5ccc402.jpg) 其他就不查看了

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™