OA E-Office UserSelect Unauthorized Access

ID: weaver-userselect-unauth

Severity: high

Author: SleepingBag945

Tags: weaver,e-office,oa,unauth

Description

OA E-Office UserSelect interface has an unauthorized access vulnerability, through which attackers can obtain sensitive information

YAML Source

id: weaver-userselect-unauth

info:
  name: OA E-Office UserSelect Unauthorized Access
  author: SleepingBag945
  severity: high
  description: |
    OA E-Office UserSelect interface has an unauthorized access vulnerability, through which attackers can obtain sensitive information
  reference:
    - https://github.com/achuna33/MYExploit/blob/8ffbf7ee60cbd77ad90b0831b93846aba224ab29/src/main/java/com/achuna33/Controllers/WeaverEOfficeController.java
    - http://wiki.peiqi.tech/wiki/oa/泛微OA/泛微OA%20E-Office%20UserSelect%20未授权访问漏洞.html
  classification:
    cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: weaver
    product: e-office
    fofa-query: app="泛微-EOffice"
  tags: weaver,e-office,oa,unauth

http:
  - method: GET
    path:
      - "{{BaseURL}}/UserSelect/"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<title>选择人员</title>"
          - "/UserSelect/dept.php"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ff6773052b241f00165e860c4e3e3eb0a37482f955b34857e931a4b142fa967d0221009e501bb17d8650dd79c55946a3562c1ae5bdef5138f05b84716baf2089ae7aad:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/weaver/weaver-userselect-unauth.yaml"

View on Github