Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/NS-Sp4ce/TongDaOA-Fake-User
通达OA 任意用户登录漏洞
https://github.com/NS-Sp4ce/TongDaOA-Fake-User
Last synced: about 2 months ago
JSON representation
通达OA 任意用户登录漏洞
- Host: GitHub
- URL: https://github.com/NS-Sp4ce/TongDaOA-Fake-User
- Owner: NS-Sp4ce
- Created: 2020-04-22T07:14:13.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-08-27T11:38:28.000Z (over 4 years ago)
- Last Synced: 2024-08-05T17:37:23.102Z (6 months ago)
- Language: Python
- Homepage:
- Size: 16.6 KB
- Stars: 356
- Watchers: 6
- Forks: 110
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - NS-Sp4ce/TongDaOA-Fake-User - 通达OA 任意用户登录漏洞 (Python)
README
# TongDaOA-Fake-User
通达OA 前台任意用户登录漏洞
**仅供安全研究,禁止非法利用!**
# 使用方法
1. python3 poc.py -v 版本 -url url
2. 运行并获取到可用的SESSIONID
3. 替换浏览器Cookie中的SESSIONID即可实现登录为admin
# 影响范围
**通达OA2017、V11.X