Skip to content

Instantly share code, notes, and snippets.

@keniver

keniver/BiYan-Information-Leakage.MD Secret

Last active August 12, 2019 03:44
Show Gist options
  • Save keniver/dd27ba44d0aef4318551e647d927242f to your computer and use it in GitHub Desktop.
Save keniver/dd27ba44d0aef4318551e647d927242f to your computer and use it in GitHub Desktop.
Download ZIP
BiYan Information Leakage
Raw
BiYan-Information-Leakage.MD

BiYan Information Leakage

BiYan 筆硯 is a well-known document system that is widely used in Asia that developed by EXCELLENT INFOTEK 傑印.

This vulnerability allows an attacker to reveal user information without being authenticated and login to the system.

Vulns

Information Leakage 1 (CVE-2019-11233)

The HTTP response contains information about the target user. RESPONSE_01

Information Leakage 2 (CVE-2019-11232)

The HTTP response contains information and password about the target user.

PWD_Plaintext

Notes

  1. BiYan 筆硯
  2. EXCELLENT INFOTEK 傑印

Credits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment