| Title | Seeyon Zhiyuan OA Web Application System V8.1 SP2 Server-Side Request Forgery Vulnerability |
|---|
| Description | 1. Vulnerability name:
Server-Side Request Forgery (SSRF) Vulnerability of Seeyon Zhiyuan Web OA Application System
2. Vulnerability Contributor and Submitter: caichaoxiong
3. Vulnerability Level: Medium
4. Vulnerability Description:
Due to security defects, the Zhiyuan Web OA application system has an SSRF (Server-Side Request Forgery) vulnerability. Attackers can exploit the application defects on the Zhiyuan server side to initiate forged network requests and attack the internal network, internal enterprise servers or other systems in the external network.
5. Version affected by the vulnerability: Zhiyuan Web OA system product version number: V8.1 SP2.
6. Vulnerability Fix:
(1) Input validation: Strictly validate all user input to ensure that the entered URL or target address conforms to the expected format.
(2) Whitelist strategy: Only allow applications to initiate requests to predefined whitelist addresses and prohibit access to other addresses.
(3) Restrict network access: Limit network access permissions for server-side applications to ensure that they can only access necessary services.
(4) Use secure libraries: Use security-verified libraries and frameworks, and avoid using insecure network request functions.
(5) Monitoring and alarm: Monitor the server-side network requests in real time, set up an alarm mechanism, and detect abnormal requests in time.
|
|---|
| Source | ⚠️ https://wx.mail.qq.com/s?k=i0-p-2N4MHcFOeM00E |
|---|
| User | caichaoxiong (UID 84060) |
|---|
| Submitted | 2025. 05. 09. AM 09:42 (12 months ago) |
|---|
| Moderation | 2025. 05. 23. PM 09:02 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310221 [Seeyon Zhiyuan OA Web Application System up to 8.1 SP2 ThirdMenuController.class this.oursNetService.getData url privilege escalation] |
|---|
| Points | 17 |
|---|