Zhiyuan Oa A6 Createmysql Jsp Database Sensitive Information Leak
Zhiyuan Oa A6 Createmysql Jsp Database Sensitive Information Leak
Zhiyuan OA A6 createMysql.jsp database sensitive information leak
Vulnerability Description
Zhiyuan OA A6 has leaked database sensitive information, and attackers can obtain database accounts and passwords by accessing specific URLs MD5
Vulnerability Impact
Zhiyuan OA A6
Network surveying and mapping
Vulnerability reappears
When accessing the following URL, the SQL statement select *from mysql.user; is executed to query and return to the page
/yyoa/createMysql.jsp
/yyoa/ext/createMysql.jsp
This post is licensed under CC BY 4.0 by the author.