Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Summer177/seeyon_exp
致远OA综合利用工具
https://github.com/Summer177/seeyon_exp
Last synced: 3 months ago
JSON representation
致远OA综合利用工具
- Host: GitHub
- URL: https://github.com/Summer177/seeyon_exp
- Owner: Summer177
- Created: 2021-06-03T07:22:37.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-06-03T08:03:40.000Z (over 3 years ago)
- Last Synced: 2024-06-06T20:57:59.195Z (5 months ago)
- Language: Python
- Homepage:
- Size: 45.9 KB
- Stars: 370
- Watchers: 6
- Forks: 72
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Summer177/seeyon_exp - 致远OA综合利用工具 (Python)
README
# 工具介绍
**致远OA漏洞检查与利用工具,收录漏洞如下:**
```
信息泄露:
致远OA A8 状态监控页面信息泄露
致远OA A6 initDataAssess.jsp 用户敏感信息泄露
致远OA A6 createMysql.jsp 数据库敏感信息泄露
致远OA A6 DownExcelBeanServlet 用户敏感信息泄露
致远OA getSessionList.jsp Session泄漏漏洞
SQL注入:
致远OA A6 setextno.jsp SQL注入漏洞
致远OA A6 test.jsp SQL注入漏洞
文件上传:
致远OA ajax.do 登录绕过&任意文件上传
致远OA Session泄露 任意文件上传漏洞
任意文件下载:
致远OA webmail.do任意文件下载
```
**使用方法:**
```
Usage:
python3 seeyon_exp.py -u url #漏洞检测
python3 seeyon_exp.py -u url --att #漏洞检测+getshell
python3 seeyon_exp.py -f url.txt #批量漏洞检查
python3 seeyon_exp.py -f url.txt --att #批量漏洞检测+getshell
Options:
-h, --help show this help message and exit
-u URL, --url=URL target url
-f FILE, --file=FILE url file
--att getshell
```
```
python3 seeyon_exp.py -u url
```
```
python3 seeyon_exp.py -u url --att
```
**默认使用冰蝎3的webshell,密码为rebeyond**
**扫码结果保存为result.txt,使用批量扫描时,建议先筛选出存活url**
**仅用于授权测试,违者后果自负**
参考链接:
```
https://github.com/PeiQi0/PeiQi-WIKI-POC/tree/PeiQi/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E8%87%B4%E8%BF%9COA
```