BiYan Information Leakage
BiYan 筆硯 is a well-known document system that is widely used in Asia that developed by EXCELLENT INFOTEK 傑印.
This vulnerability allows an attacker to reveal user information without being authenticated and login to the system.
Vulns
Information Leakage 1 (CVE-2019-11233)
The HTTP response contains information about the target user.

Information Leakage 2 (CVE-2019-11232)
The HTTP response contains information and password about the target user.
Notes
Credits
- Neil Liu (CHT Security)
- Keniver Wang (CHT Security)


