Skip to content

candy-kk/TongDaOA-Fake-User

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 

Repository files navigation

TongDaOA-Fake-User

通达OA 前台任意用户登录漏洞

仅供安全研究,禁止非法利用!

使用方法

  1. python3 poc.py -v 版本 -url url
  2. 运行并获取到可用的SESSIONID
  3. 替换浏览器Cookie中的SESSIONID即可实现登录为admin

影响范围

通达OA2017、V11.X<V11.5

About

通达OA 任意用户登录漏洞

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%