Zhiyuan OA Session Leak

By kannthu

Medium
Vidoc Module
#zhiyuan #leak #disclosure #seeyon
Description

What is the "Zhiyuan OA Session Leak" module?

The "Zhiyuan OA Session Leak" module is a vulnerability detection module that targets the Zhiyuan OA software. It is designed to identify a specific vulnerability that allows remote unauthenticated users to access sensitive session information through the 'getSessionList.jsp' endpoint. This vulnerability has a medium severity level.

This module was authored by pikpikcu.

Impact

If exploited, this vulnerability can expose sensitive session information to unauthorized users. This can potentially lead to unauthorized access to the system and compromise the confidentiality and integrity of the data.

How does the module work?

The module works by sending an HTTP GET request to the '/yyoa/ext/https/getSessionList.jsp?cmd=getAll' endpoint. It then applies matching conditions to determine if the vulnerability is present.

The matching conditions for this module are as follows:

- The response must contain the words "<usrID>" and "<sessionID>".
- The response status code must be 200.

If both conditions are met, the module will report the vulnerability.

Here is an example of the HTTP request sent by the module:

GET /yyoa/ext/https/getSessionList.jsp?cmd=getAll
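For defenders reviewing their own Zhiyuan OA deployment, the following added example (not part of the Vidoc module or the original page) scans web access logs for requests to this endpoint and re-implements the two matching conditions for checking a captured response. The log layout (combined format), the function names and all sample data are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint path and matcher words come from the module description above.
ENDPOINT = "/yyoa/ext/https/getsessionlist.jsp"
WORDS = ("<usrID>", "<sessionID>")

# Assumed log layout: combined/common access-log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def module_matches(status, body):
    """The module's two conditions joined with AND: status 200 and both words."""
    return status == 200 and all(word in body for word in WORDS)

def classify(line):
    """Return (client, verdict) if the log line requests the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    # Decode and normalise the path before comparing (lower-casing is a
    # conservative choice so that no variant of the path is missed).
    path = re.sub(r"/+", "/", unquote(urlsplit(target).path)).lower()
    if path != ENDPOINT:
        return None
    # 200 means the request was served; confirm exposure against the response
    # body with module_matches(). Any other status was not served.
    return client, "served" if status == "200" else "not-served"

def scan(lines):
    """Collect every hit on the endpoint from an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /yyoa/ext/https/getSessionList.jsp?cmd=getAll HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /yyoa/ext/https/getSessionList.jsp?cmd=getAll HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "GET /index.jsp HTTP/1.1" 200 1024 "-" "-"',
]
# Constructed response body in the shape the matcher looks for.
SAMPLE_BODY = "<SessionList><Session><usrID>1</usrID><sessionID>PLACEHOLDER</sessionID></Session></SessionList>"

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
    print("matcher on sample body:", module_matches(200, SAMPLE_BODY))
```

A "served" hit from an unexpected client is the case to investigate first: sessions that were active at that time should be invalidated and the endpoint restricted or removed.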

For more information, you can refer to the following resource: https://www.zhihuifly.com/t/topic/3345

Metadata:

- max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /yyoa/ext/https/getS...
Matching conditions
word: <usrID>, <sessionID>
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability