Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/NS-Sp4ce/TongDaOA-Fake-User

通达OA 任意用户登录漏洞
https://github.com/NS-Sp4ce/TongDaOA-Fake-User

Last synced: about 2 months ago
JSON representation

通达OA 任意用户登录漏洞

Awesome Lists containing this project

README

        

# TongDaOA-Fake-User
通达OA 前台任意用户登录漏洞

**仅供安全研究,禁止非法利用!**

# 使用方法
1. python3 poc.py -v 版本 -url url
2. 运行并获取到可用的SESSIONID
3. 替换浏览器Cookie中的SESSIONID即可实现登录为admin

# 影响范围

**通达OA2017、V11.X