New Point Oa Excelexport Sensitive Information Leakage Vulnerability
New Point Oa Excelexport Sensitive Information Leakage Vulnerability
New Point OA ExcelExport sensitive information leakage vulnerability
Vulnerability Description
New point OA has a sensitive information leakage vulnerability. When accessing a specific URL, you can obtain the login name information of all users. The attacker can further utilize it after obtaining it.
Vulnerability Impact
New Point OA
Network surveying and mapping
Vulnerability reappears
The constructed Url will download the personnel list file
/ExcelExport/人员列表.xls
Log in to the background by obtaining the login name (default password 11111)
This post is licensed under CC BY 4.0 by the author.