用友致远A6协同系统 Session泄漏漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

<p>该漏洞泄露了当前登录用户(所有登录的)的SessionID;<br><br>利用泄露的SessionID即可登录该用户,包括管理员,进入后getshell毫无压力<br><br>/yyoa/ext/https/getSessionList.jsp<br><br>部分代码<br><br></p><pre><code style="margin: 0px; font-family: 'Lucida Console', 'Courier New', Courier, mono, monospace; color: rgb(51, 51, 51); background-color: rgb(248, 248, 248);">&lt;%@ page contentType="text/html;charset=GBK"%&gt;<br style="margin: 0px; padding: 0px;"> &lt;%@ page session= "false" %&gt;<br style="margin: 0px; padding: 0px;"> &lt;%@ page import="net.btdz.oa.ext.https.*"%&gt;<br style="margin: 0px; padding: 0px;"> &lt;%<br style="margin: 0px; padding: 0px;"> String reqType = request.getParameter("cmd");<br style="margin: 0px; padding: 0px;"> String outXML = "";<br style="margin: 0px; padding: 0px;"> boolean allowHttps = true;<br style="margin: 0px; padding: 0px;"> if("allowHttps".equalsIgnoreCase(reqType)){<br style="margin: 0px; padding: 0px;"> //add code to judge whether it allow https or not<br style="margin: 0px; padding:...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息