Submission #212445: Xinghu OA v2.3.2 sensitive information leaked (Info)

Title: Xinghu OA v2.3.2 sensitive information leaked
Description: Xinghu OA version 2.3.2 has any data backup in the frontend. An attacker can use this vulnerability to obtain the administrator password and successfully log in to the backend.
1. Access the URL to back up the SQL file; it returns success: task.php?m=sys|runt&a=beifen
2. You need to blast the folder name (1000-9999) and the number of data rows in the OA user table, then access the corresponding JSON file to obtain the backed-up data, and then obtain the administrator password.
Source: https://github.com/magicwave18/vuldb/issues/2
User: magicwave18 (UID 52598)
Submission: 2023-09-24 12:49 (3 years ago)
Moderation: 2023-09-29 16:27 (5 days later)
Status: Accepted
VulDB entry: 240927 [Xinhu RockOA 2.3.2 task.php?m=sys|runt&a=beifen start information disclosure]
Points: 20
