إرسال #212445: Xinghu OA v2.3.2 sensitive information leaked المعلومات

عنوانXinghu OA v2.3.2 sensitive information leaked
الوصفXinghu OA v2.3.2 version has any data backup in the frontend. An attacker can use this vulnerability to obtain the administrator password and successfully log in to the backend. 1、Access the url to back up the sql file and return success successfully. task.php?m=sys|runt&a=beifen 2、you need to blast the folder name (1000-9999) and the number of data rows in the OA user table Then access the corresponding json file to obtain the backed up data, and then obtain the administrator password
المصدر⚠️ https://github.com/magicwave18/vuldb/issues/2
المستخدم
 magicwave18 (UID 52598)
ارسال24/09/2023 12:49 PM (3 سنوات منذ)
الاعتدال29/09/2023 04:27 PM (5 days later)
الحالةتمت الموافقة
إدخال VulDB240927 [Xinhu RockOA 2.3.2 task.php?m=sys|runt&a=beifen start الكشف عن المعلومات]
النقاط20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!