| 제목 | Xinghu OA v2.3.2 sensitive information leaked |
|---|
| 설명 | Xinghu OA v2.3.2 version has any data backup in the frontend. An attacker can use this vulnerability to obtain the administrator password and successfully log in to the backend.
1、Access the url to back up the sql file and return success successfully.
task.php?m=sys|runt&a=beifen
2、you need to blast the folder name (1000-9999) and the number of data rows in the OA user table
Then access the corresponding json file to obtain the backed up data, and then obtain the administrator password |
|---|
| 원천 | ⚠️ https://github.com/magicwave18/vuldb/issues/2 |
|---|
| 사용자 | magicwave18 (UID 52598) |
|---|
| 제출 | 2023. 09. 24. PM 12:49 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 09. 29. PM 04:27 (5 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 240927 [Xinhu RockOA 2.3.2 task.php?m=sys|runt&a=beifen start 정보 공개] |
|---|
| 포인트들 | 20 |
|---|